
Android Malware Masquerades as Adobe Flash Player

Trend Micro researchers spotted Android malware that masquerades as the Adobe Flash Player app and is hosted on Russian domains, similar to the fake Instagram and Angry Birds Space apps.

When users opt to download and install the fake app, the site connects to another URL to download a malicious .APK file, which Trend Micro detects as ANDROIDOS_BOXER.A.

ANDROIDOS_BOXER.A is a premium service abuser, which means it sends messages to premium numbers without the user’s permission, thus leading to unwanted charges.

Researchers also found a number of malicious URLs hosted on the same IP. Based on the naming used in these URLs alone, Android appears to be a favorite target for the cybercriminals behind this scheme.

Hacked sites distribute Android malware (NotCompatible) using drive-by downloads

A Reddit user, Georgiabiker, discovered a new drive-by malware attack that targets Android users who visit hacked sites.

The hacked websites have been injected with a malicious iframe that looks at the User-Agent string sent by the browser to see if it contains the string "Android". If so, it directs the device to download a malicious Android package (APK); otherwise it returns a NOT FOUND error.
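The User-Agent gating described above leaves a recognizable pattern in web proxy logs: the same URL returns an APK to Android clients and NOT FOUND to everyone else. The following is an added example, not code from the original post or from Lookout; the log format, the `.example` hostnames and the verdict names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

APK_MIME = "application/vnd.android.package-archive"

# Constructed proxy log lines (not from the post); hosts use the reserved .example TLD.
# Assumed format: client "METHOD url" status content-type "user-agent"
SAMPLE_LOG = """\
10.0.0.5 "GET http://gate.example/frame?id=1" 200 application/vnd.android.package-archive "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us) AppleWebKit/533.1"
10.0.0.9 "GET http://gate.example/frame?id=1" 404 text/html "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 Chrome/18.0"
10.0.0.7 "GET http://store.example/app.apk" 200 application/vnd.android.package-archive "Mozilla/5.0 (Linux; U; Android 4.0.3; en-us) AppleWebKit/534.30"
10.0.0.8 "GET http://store.example/app.apk" 200 application/vnd.android.package-archive "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 Chrome/18.0"
10.0.0.6 "GET http://cdn.example/update.apk" 200 application/vnd.android.package-archive "Mozilla/5.0 (Linux; U; Android 2.2; en-gb) AppleWebKit/533.1"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) (\S+) "([^"]*)"$')

def parse(log_text):
    """Yield (url, status, content_type, is_android) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, _, url, status, ctype, ua = m.groups()
            # Same test the post attributes to the iframe: "Android" in the UA.
            yield url, int(status), ctype.lower(), "Android" in ua

def classify_apk_urls(log_text):
    """Map each URL that served an APK to an Android UA to a verdict."""
    android_apk = set()
    other_statuses = defaultdict(list)
    for url, status, ctype, is_android in parse(log_text):
        if is_android and status == 200 and ctype.startswith(APK_MIME):
            android_apk.add(url)
        elif not is_android:
            other_statuses[url].append(status)
    verdicts = {}
    for url in sorted(android_apk):
        seen = other_statuses.get(url)
        if not seen:
            verdicts[url] = "unverified"   # no non-Android request to compare
        elif all(s == 404 for s in seen):
            verdicts[url] = "ua-gated"     # APK for Android, NOT FOUND otherwise
        else:
            verdicts[url] = "open"         # non-Android clients did not all get 404
    return verdicts

if __name__ == "__main__":
    for url, verdict in classify_apk_urls(SAMPLE_LOG).items():
        print(f"{verdict:10} {url}")
```

A URL marked `unverified` can be re-requested from an analysis host with a desktop User-Agent to settle whether it is gated.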

After downloading the file, the device will display a notification prompting the user to click on the notification to install the downloaded app.

In order to actually install the app, the device must have the “Unknown sources” setting enabled. If the device does not have the setting enabled, the installation will be blocked.

"NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," Lookout researchers said.

1000+ sites hosted on a German server used to launch mobile malware apps

Trend Micro researchers came across a server hosted in Germany that hosts a large number of websites serving mobile malware, targeting Android and Symbian users.

Researchers found a total of 1351 websites hosted on the server, all falling into certain categories, namely Android Market apps, Opera Mini/Phone Optimizer apps, pornographic apps, app storage sites, and others.

The sites under the Android Market apps category are designed to look like a legitimate site and feature popular applications like WhatsApp, Facebook, Facebook Messenger, Barcode Scanner, Skype, Google Maps, Gmail, YouTube, and others. Trend Micro security solutions detect the files downloaded from these sites as ANDROIDOS_FAKENOTIFY.A.

The files downloaded from websites in the Opera Mini/Phone Optimizer apps category are detected as J2ME_SMSSEND.E (malware designed specifically for devices that support MIDlets).

According to the Trend Micro graph showing the distribution of domains by category, most of the sites offered Opera Mini updates and Photo Optimizer apps compared with the others (nearly 300 sites).

"This particular cybercriminal operation presents some interesting findings. Here we saw that the attackers are not necessarily targeting only one platform. Based on the targeted platform, we also saw that cybercriminals use different social engineering lures. Also, despite the emergence and prevalence of platforms such as Android and iOS, the Symbian platform still seems to be targeted as well," said Paul Pajares, Fraud Analyst at Trend Micro.

However, F-Secure researchers found this malware app site and published the information last month.

Lookout predicts more mobile malware in 2012: Malwarenomics

Lookout Mobile Security released "Malwarenomics: 2012 Mobile Malware Predictions". The report says mobile malware attacks will increase in 2012, and more malware will masquerade as legitimate apps and lead to fake sites.

Money seems to be the most significant motivation behind the most egregious mobile malware Lookout studied:
When mobile malware producers are able to steadily increase profits from infections more than they pay to infect devices, the industry will grow rapidly. There are a number of trends seen in 2011 that we expect to carry over into 2012 (perhaps at a greater rate) that will drive down the cost of infection and drive up profitability.

From their 2011 research on mobile threats, the company identified some specific instances where consumers should use extra caution when downloading apps or clicking links on their phone:

  • Visiting third party app stores. Lookout found that malware writers often test malware in alternative app markets before trying to place it in the Android Market or App Store. When discovered, malware is usually pulled more quickly from these primary distributors than it is from alternative markets. The likelihood of you encountering malware on an alternative app store increases dramatically.
  • Downloading gaming, utility and porn applications. Be careful to check reviews on these apps before you download. We found that these types of apps are most likely to have malware hidden inside of them.
  • Clicking on a shortened URL (e.g. bitly link) in an SMS message or on a social networking site. Users are three times more likely to click on a phishing link on their mobile device than they are on their PC (Trusteer 2011). Because we expect malware writers to increase web-based distribution, it’s time to start using extra caution when clicking on links on our mobile phones.
  • An app asks you to click “OK”. Don’t “auto pilot” through the prompts an app shows you in order to perform a certain function or deliver a service. Sometimes these apps are greyware, which hide in fine print that they will charge you via premium rate text messages.
  • Clicking on in-app advertisements. Not all advertisements are bad. In fact, most are okay. But some are examples of malvertising and could direct you to a malicious website, prompt you to download malware, or violate your privacy. When clicking on ads, you need to make sure that the ad directs to where you expect to be directed.