20-year-old student pleads to making spy app for Android phone

A 20-year-old student of Carnegie Mellon University has pleaded guilty to developing and selling malicious software that allowed others to remotely control Google Android phones, including using the phones' cameras to spy on their owners.

Morgan Culbertson, a resident of Churchill, could face up to 10 years in prison and $250,000 in fines when he is sentenced Dec. 2.

However, it is unclear that how many phones were actually infected by malicious software after his court appearance before a federal judge in Pittsburgh.

It is said that if anyone’s phone gets infected from the app, it can remotely control by others and used to spy and secretly take pictures without the phone owner's knowledge. It also records calls, intercept text messages and otherwise steal information the owners downloaded on the devices.

According to a news report published in IndiaToday, he is one of 12 people charged by U.S. authorities, and the fourth to plead guilty so far, in the worldwide takedown of the Darkode.com cybercriminal marketplace.

Almost 70 other people have been targeted for allegedly using the cybercriminal marketplace where hackers bought and sold malicious software.

"I committed the crime, so I am responsible," Culbertson said after pleading guilty, according to the Pittsburgh Tribune-Review. "I understand what I did was wrong and I take full responsibility. I would like in the future to use may skills to help protect people."

Assistant U.S. Attorney Jimmy Kitchen said that Culbertson worked online with a man identified only as "Mike from the Netherlands" to create Dendroid, the malware that was secretly linked to Android phone apps available for purchase through Google Play.

Fake Android Virus alert says "Your Mobile compromised by Chinese Hackers"

Fake virus alert is the technique used by the Cyber criminals to trick users into thinking their system have a virus then tell them to install or buy fake applications, sometimes redirect them to spam websites.

A New fake virus alert spotted by Malware Bytes team says users that their device infected by a dangerous virus created by Chinese Hackers.

"whoever put this one together is watching all those APT news stories with glee and weaving them into their efforts below." Malware Bytes blog post reads.

Anyone passing through the page paulgrenwood[dot]com/US/smart/index[dot]html, receives the following message:

Warning! Your phone is attacked by severe virus that can steal your privacy which created by Chinese hackers on [date].
Please clear this virus immediately.

There is another fake warning message on the next page with “Android App on Google Play” button underneath the message and list of infections.

A rotator URL (clmbtrk(dot)com/?a=17990&c=81777&s1= )  is being used to send visitors to a variety of random adverts depending on geographical location.

Visiting the URL with a standard desktop setup would, more often than not, lead to a blank page. The bulk of the pages seen were dating sites with a lot of flesh on display, and even one hardcore pornography site

There’s no infection, so no need to panic.

Fake Minecraft Android App sold at cheap price contains virus code

A fake version of Android app "Minecraft - Pocket Edition" is found to be hosted on third-party marketplaces which contains a malware code.

These kind of fake and malicious version of apps are usually available for free.  However, cyber criminals made some exception for this app which is being sold for half of the actual price of the original app.

PC Magazine reports that F-Secure researchers have discovered a trojanized version of the Minecraft PE asking users to pay 2.50 Euros- the original app costs5.49 Euros.

The cyber criminals didn't stop by just scamming with fake version, they also added malicious code.  It will send SMS to premium rated phone numbers and sign up victims to expensive services.

Researchers have noticed that this malicious app is using a hacking tool called "Smalihook" to bypass "an authentication routine that causes it to fail to run if it does a certificate verification check and doesn't find the correct certificate". 

The good news is that it is only hosted in some third-party app stores but not in the official Google Play store.  This is one more example why you should never trust third party app stores, always download apps from Google Play.

Android font installing apps install iKno spyware

Security researchers from Webroot have come across few font installing apps hosted on Google Play that install Android spyware called "iKno".

The apps look like a legitimate font app and allow users to install new font on their android device.

The researcher analyzed the app and identified malicious code that downloads and executes ikno.apk file from a website.

iKno is android spyware developed by Technoreap solutions that monitors call logs, text messages, location.

It appears the malicious apps and developer's account have been removed from the Google play.