It turns out that the government spying on you isn’t your only problem. If you download games for your Android phone, you also may have downloaded a malicious file that gives attackers full control of your phone — even if you only download from the official Google Play store.
This week security researchers found that a game called “colourblock” wasn’t just a game, but what’s called “rooting malware.” Rooting refers to root access, the highest level of administration on a device. If someone has root, they can create, collect, see, change, or destroy anything. Naturally, this isn’t something that your cell phone provider wants you to do, and so most people don’t have root access even on their own devices. Having root, as it’s called, can be a dangerous thing even if you own the device. The colourblock game, however, gives an unknown party full and unfettered access to every line of code on your phone, which means every scrap of data, no matter how personal, is wide open to them. And they can do anything they want with this information.
While Google and other mobile operating system designers advise against installing apps found outside the official stores like Google Play, iTunes, or Windows Store, colourblock was on the official store, right in the mix of known and tested apps that users think are safe — but harmless it is not. Hacker News says, “Dubbed Dvmap, the Android rooting malware disables device’s security settings to install another malicious app from a third-party source and also injects malicious code into the device system runtime libraries to gain root access and stay persistent.”
What that means, in layman’s terms, is that the app presents itself as clean. Google’s testing pronounced it safe and made it available to all Android users to download. Sometime after that, the developers replaced the program on the Google Play store with an ‘updated’ version of the app that contained the malware — and users started downloading it. Once people installed it on their phones and tablets, the malware disabled the phone’s security and reached out to the internet to download a second program, which it also installed on the device. That second program buries itself in the driver files that control everything and gives itself root access. In addition, that access is persistent, which means, for all intents and purposes, the user doesn’t have a way to stop it. In most cases, they don’t even know their device is compromised.
The developers updated their app on the Google Play store again with the clean version — effectively hiding any evidence that something was amiss. In fact, security researchers who caught the problem found that clean and ‘dirty’ versions of the app were swapped out at least five times.
LN readers who have Android phones should ensure they have not downloaded colourblock. If you’re not running a mobile anti-virus or anti-malware app, you should look into Malwarebytes or other solutions to protect your phone. Any apps you download should only come from trusted sources — and you should read the comments of other users before downloading.
It’s no longer enough to simply be a bit careful online. For everyone from the government to marketing companies to malicious hackers, you are a resource and a product to be used and abused. Your data is currency, your privacy not a concern. The government can’t protect your devices with more laws; all you can do as a consumer is take responsibility for your own digital safety — and take the appropriate steps to limit your exposure.
You could also choose not to use your phone for any activity where you wouldn’t want a criminal looking over your shoulder or the information publicized all across the internet. That level of lifestyle change, however, is not something that’s coming on a societal level anytime soon.