BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

5 held over apps that stole smartphone info

From: security curmudgeon <jericho () attrition org>
Date: Thu, 1 Nov 2012 12:04:50 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.yomiuri.co.jp/dy/national/T121030003585.htm

The Yomiuri Shimbun
Oct. 31, 2012

Five people, including the owner of an information technology-related 
company, were arrested Tuesday on suspicion of providing a virus built 
into smartphone applications that stole more than 10 million pieces of 
personal information from users' address books.

The Metropolitan Police Department said about 90,000 people's smartphones 
were infected with a virus lurking in applications they downloaded.

According to the MPD, this is the first case established to deal with such 
a large information theft in Japan.

Investigative sources said a man who runs an IT-related company allegedly 
created video applications for Android smartphones containing a virus that 
extracts personal information stored on the phone. In collusion with a 
woman who is the former president of another Tokyo-based IT-related firm, 
the man released the apps on Google Inc.'s official store for free in late 
March. He is suspected to have had the malicious apps transmit personal 
information, including telephone numbers and e-mail addresses, to an 
external server.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: