New Android Malware Found

Security researchers at Kaspersky Labs have discovered new malware that affects Android devices. Nikita Buchka wrote in a blog post: "Instead of attacking a user, it attacks the WiFi network the user is connected to, or, to be precise, the wireless router that serves the network."

The trojan uses a brute-force attack to guess the router's password and gain access to it. Once the password is cracked, it modifies the DNS server setting in the router, redirecting all traffic through the attackers' own servers and malicious websites.

What makes things really bad is, as Buchka explained, that instead of affecting users, the malware affects the entire network, which means every user on that network is exposed. Kaspersky recommends checking the DNS settings of your router.
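A router usually hands its DNS setting to clients over DHCP, so the resolver list on a client is one place a changed setting shows up. The following check is an added example, not part of the original article or of Kaspersky's guidance; the sample file content and the expected resolver address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in resolv.conf format (documentation address ranges).
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 127.0.0.53
nameserver 192.0.2.1
nameserver 203.0.113.66
search example.test
"""


def parse_nameservers(resolv_text):
    """Return the addresses on 'nameserver' lines, in file order."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(resolv_text, expected):
    """Sort resolvers into expected, local_stub and unexpected.

    expected: addresses or CIDR networks you configured on the router
    (hypothetical values in this example).
    """
    allowed = [ipaddress.ip_network(item) for item in expected]
    report = {"expected": [], "local_stub": [], "unexpected": []}
    for raw in parse_nameservers(resolv_text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            report["unexpected"].append(raw)  # malformed entry: flag it
            continue
        if addr.is_loopback:
            # A local stub hides the real upstream; check that separately.
            report["local_stub"].append(raw)
        elif any(addr in net for net in allowed):
            report["expected"].append(raw)
        else:
            report["unexpected"].append(raw)
    return report


if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_RESOLV_CONF, ["192.0.2.1"]))
```

An entry under "unexpected" is a prompt to log in to the router and compare its DNS setting with what you configured.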

There are currently two versions of the app: one is a fake mobile client for the Chinese search engine Baidu, and the second is a WiFi network app. It's the same old story where cybercriminals are offering malicious fake apps outside of official app stores. Always use the official app stores. Anyone using the official Google Play Store for app installation is safe.

The lesson here is: don't install random apps from random websites.

Serious Bug Found in Ubuntu

Irish security researcher Donncha O'Cearbhaill found a remote code execution bug in Ubuntu's Apport crash reporter that can infect a system with malicious code.

O'Cearbhaill wrote on his blog, "The bug allows for reliable code injection when a user simply opens a malicious file. The following video demonstrates the exploit opening the Gnome calculator. The executed payload also replaces the exploit file with a decoy zip file to cover its tracks."

O'Cearbhaill reports that Ubuntu will open any unknown file with apport-gtk if it begins with ProblemType. What makes things worse is that Apport is installed by default on all Ubuntu systems after 12.10, which also includes forks like Linux Mint.

If you are using any Ubuntu-based distribution, you are vulnerable. The hole has been patched, but it does expose one major problem with Linux: Often such bugs hide for years and even decades, and security experts often lack incentives for finding them. Unlike Google, which rewards such discoveries, Linux vendors often depend on the community.

Commercial Linux distributions like Ubuntu should start a reward program to encourage security researchers to find such bugs. Without enough eyes, all bugs are deep.

If you are using any Ubuntu-based distribution, please update your system immediately.

More Online

Linux Magazine

Off the Beat * Bruce Byfield

LibreOffice MUFFIN risks being half-baked

On December 21, The Document Foundation announced that LibreOffice 5.3 would include MUFFIN (My User Friendly & Flexible INterface).

How Signal does security right

A couple of weeks ago, I was writing about Echo Whisper Systems' Signal, which encrypts voice and text messages for Android and iOS phones.

Taking a stand for ethical tech

Several weeks ago, I discussed taking a stand against unethical parts of your work.

Paw Prints * Jon "maddog" Hall

LPIC OT DevOPs Engineer -- Request for help in the Job Task Analysis

Some of my readers may know that I am the Chair for the Board of Directors of the Linux Professional Institute (LPI).


Modern Fortran -- Part 2 * Jeff Layton

Fortran 90 catapulted Fortran from a perceived "old" language to a modern language on equal footing with any other.

ADMIN Online

Hyper-V containers with Windows Server 2016 * Nils Kaczenski

The release of Windows Server 2016 also heralds a new version of Hyper-V, with improved cloud security, flexible virtual hardware, rolling upgrades of Hyper-V clusters, and production checkpoints.

A script for strict packet filter updates * Matthias Wubbeling

Automatically create restrictive rules in Linux iptables packet filters.

Writing SELinux modules * Thorsten Scherf

Much has happened in the field of SELinux in the last few years, including the development of new usability features.

Setting up Windows clients with Chef * Tam Hanna

Chef administrators unafraid of a learning curve can employ a powerful tool for Windows client management.
