McAfee finds Windows worm in KFC Android app
https://latestsnewsforyou.blogspot.com/2013/08/mcafee-finds-windows-worm-in-kfc.html
Fried chicken fans infected due to 'careless attitudes' of developers
by LEE BELL
SECURITY FIRM McAfee has warned of a Windows worm that infects Android smartphones and tablets via a Kentucky Fried Chicken (KFC) app promoting discounted fried chicken at the fast food restaurant.
Although the worm doesn't cause any harm to the Android devices that downloaded it, the finger lickin' Windows worm can spread among computers running Microsoft's PC operating systems.
"Here is the curious case of an Android application on Google Play that contains some traces of malware, but poses no security danger for Android devices. This same application, however, is dangerous to other mobile and PC platforms," McAfee's Fernando Ruiz warned in a blog post.
"Embedded inside this APK file, McAfee Labs found a Windows worm (Generic Malware.og!ats) that replicates itself via network shares."
Ruiz explained that there is no auto-execution option for the malware on a Windows PC, but a user could run the malicious application by opening the APK in Zip format and running the program.
"This PC malware resides in each Android device that has installed the 'KFC WOW@25 Menu' app," he added, blaming the app's developer for the worm.
"When a legitimate Android application contains a malicious file such as this one, for a Windows PC, it is likely this has occurred due to neglect on the part of the developer."
Apparently, this neglect can be as simple as not securing the development environment when creating the app.
"The developer of this app possibly had outdated antimalware software on the computer, so without realising that the computer was infected, the source code directory contained a copy of the worm," Ruiz said.
From there the worm was packaged, signed, and deployed on Google Play -no doubt in a brown paper bag with grease wipes - with the developer completely unaware of the file.
Fried chicken fans are safe as the app has since been removed from Google Play, however McAfee insists that it still poses a risk to Andriod users through the carelessness of developers who don't practice "the essentials for a secure computer" or maintain updated anti-malware software before distributing content to other users.
the inquirer
by LEE BELL
Although the worm doesn't cause any harm to the Android devices that downloaded it, the finger lickin' Windows worm can spread among computers running Microsoft's PC operating systems.
"Here is the curious case of an Android application on Google Play that contains some traces of malware, but poses no security danger for Android devices. This same application, however, is dangerous to other mobile and PC platforms," McAfee's Fernando Ruiz warned in a blog post.
"Embedded inside this APK file, McAfee Labs found a Windows worm (Generic Malware.og!ats) that replicates itself via network shares."
Ruiz explained that there is no auto-execution option for the malware on a Windows PC, but a user could run the malicious application by opening the APK in Zip format and running the program.
"This PC malware resides in each Android device that has installed the 'KFC WOW@25 Menu' app," he added, blaming the app's developer for the worm.
"When a legitimate Android application contains a malicious file such as this one, for a Windows PC, it is likely this has occurred due to neglect on the part of the developer."
Apparently, this neglect can be as simple as not securing the development environment when creating the app.
"The developer of this app possibly had outdated antimalware software on the computer, so without realising that the computer was infected, the source code directory contained a copy of the worm," Ruiz said.
From there the worm was packaged, signed, and deployed on Google Play -no doubt in a brown paper bag with grease wipes - with the developer completely unaware of the file.
Fried chicken fans are safe as the app has since been removed from Google Play, however McAfee insists that it still poses a risk to Andriod users through the carelessness of developers who don't practice "the essentials for a secure computer" or maintain updated anti-malware software before distributing content to other users.
the inquirer
