Friday, April 26, 2013

Beware of applications that infect Android - CHIP

Ads displayed in the Google Play online store have long been used by hackers to spread malicious programs, including Trojans. So far, the most popular among them are Trojans of the Android.SmsSend family, designed to send premium text messages and to subscribe users, on their behalf, to services with paid content. The effectiveness of this method has led scammers to use it again.

This time, the criminals have gone a step further and created their own advertising platform for mobile devices running Android, similar to Google AdMob, Airpush or StartApp. At first glance it does not differ from other such networks: developers are offered very attractive terms for building the shared advertising API into their applications, with promises of a high and stable income and convenient management and control of incoming payments.

As with many other adware modules, ads are shown in the notification bar using the ‘push’ method. In addition, the platform includes a number of other hidden features.

One of them is the display of a notification that the application needs to be updated. If the user agrees, an .apk file (the file format used to distribute software on the Android platform) is downloaded and placed on the memory card in the directory /mnt/sdcard/download. The module containing the malicious code can also create a shortcut to the downloaded file on the phone's main screen. If the user clicks the icon, installation of the corresponding malware starts.

A study conducted by Doctor Web specialists showed that the applications installed this way are in fact Trojans of the Android.SmsSend family. The identified control server addresses were added a few days ago to the Parental Control module of the Doctor Web anti-virus, so attempts to connect to them are immediately blocked.

Below is the complete list of commands that the advertising platform containing the malware can accept and carry out:

  • news – display a “push” notification
  • showpage – open a web page in a browser
  • install – download and install an .apk file
  • showinstall – display a “push” notification prompting installation of an .apk file
  • iconpage – create a shortcut to a web page
  • iconinstall – create a shortcut to an .apk file
  • newdomen – change the control server address
  • seconddomen – alternate control server address
  • stop – stop communicating with the server
  • testpost – re-send the command
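
A defender-side triage sketch built on the command list above (an added example, not code from Doctor Web or the original article): it scans a binary blob, such as a `classes.dex` extracted from an .apk, for those command names as exact strings. It assumes the names are stored as unobfuscated string constants; the threshold of three hits and both sample blobs are constructed for illustration.

```python
import re

# Command names taken from the list above. Words such as "news", "install"
# and "stop" occur in many benign apps, so they are reported but not scored.
DISTINCTIVE = frozenset({"showpage", "showinstall", "iconpage", "iconinstall",
                         "newdomen", "seconddomen", "testpost"})
GENERIC = frozenset({"news", "install", "stop"})

# Runs of four or more printable ASCII bytes, similar to strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob):
    """Return the set of printable-ASCII runs found in a bytes object."""
    return {m.group().decode("ascii").strip()
            for m in PRINTABLE_RUN.finditer(blob)}


def triage(blob, min_distinctive=3):
    """Match whole strings only, so 'install' inside 'reinstalling' is ignored.

    min_distinctive is an assumed threshold: one hit could be a coincidence,
    while several of these unusual names together are unlikely to be.
    """
    found = extract_strings(blob)
    distinctive = sorted(DISTINCTIVE & found)
    generic = sorted(GENERIC & found)
    return {"distinctive": distinctive,
            "generic": generic,
            "suspicious": len(distinctive) >= min_distinctive}


# Constructed sample blobs: NUL-separated strings standing in for a string table.
SAMPLE_SDK = b"\x00".join([b"news", b"showpage", b"install", b"showinstall",
                           b"iconinstall", b"newdomen", b"seconddomen",
                           b"testpost", b"onCreate"])
SAMPLE_BENIGN = b"\x00".join([b"news", b"install", b"stop", b"reinstalling",
                              b"showpageIndicator", b"onCreate"])

if __name__ == "__main__":
    for name, blob in (("sdk", SAMPLE_SDK), ("benign", SAMPLE_BENIGN)):
        print(name, triage(blob))
```

A positive result only marks the app for manual analysis; it does not prove the module is present, and an obfuscated build would not match.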

The biggest threat is that applications containing the malicious module were included in the official Google Play Store, which is considered the safest part of the Android ecosystem. Because many users trust that Google Play is completely safe, the number of installations of applications infected with the dangerous advertising module is very large. Because of restrictions Google applies to statistics on the number of applications downloaded from the Google Play Store, the total number of potential victims cannot be determined with absolute accuracy. Based on the information held by Doctor Web experts, the probable number of victims may be more than 5.3 million users.

Doctor Web specialists have classified the module as adware, under the name Android.Androways.1.origin. It has been added to the virus database and poses no threat to users of Dr.Web anti-virus software for Android.
