News Roundup: Hackers exploit Android ‘master key’ in wild, five men indicted in massive hacking scheme and former Japanese poker champion arrested over distribution of malware

Hackers exploiting Android ‘master key’ in wild
At the beginning of July we reported that security research firm BlueBox had uncovered a ‘master key’ that would allow cyber criminals to gain unlimited access to any Android device. BlueBox had planned to release more details on this vulnerability at the Black Hat hacker conference next month, but it seems that the cyber criminals have beaten them to it and are already exploiting the key in the wild. The bug allows an attacker to install codes on any phone that runs on Google’s mobile operating system and then take control of the handset. Researchers from Symantec say that they’ve already uncovered two infected legitimate apps that are distributed throughout China and advise users that they should only be downloading software through Google’s Play store.

Five men indicted in large hacking scheme
Five men from Russia and the Ukraine have been indicted in the US for conspiring together to pull off a worldwide hacking scheme that compromised more than 160 credit card numbers and caused $300 million in losses over five years. Several companies were attacked by the men including Nasdaq, 7-Eleven, JCP and Dow Jones between 2005 and 2012. Two of the men are supposedly specialists when it comes to getting through network security and gaining access to victims’ systems, while another man specialised in mining data. The defendants hid their actions behind an anonymous web-hosting service in a bid to avoid detection.

Former Japanese poker champion arrested on malware charges
Masaaki Kagawa, a former Japanese poker champion who won around $1.5 million in tournaments, has been arrested by the Japanese authorities on suspicion of distributing Android malware. Symantec claims that Kagawa is one of nine who are accused of sending out spam emails with links to the Android malware ‘Android.Enesoluty’ embedded in them. The group registered about 150 domains to host the malware and managed to collect around 37 million email addresses from about 810,000 Android devices. It’s estimated that they earned around $3.9 million through the running of a fake online dating service called Sakura site.