Friday, April 26, 2013

Beware of applications that infect Android - Telix.pl

Doctor Web, a Russian producer of antivirus software, reports that 28 malicious applications have been found in the official Google Play store. They include an advertising module that is able to infect devices running Android with Trojans. The total number of installations of these applications, and therefore of potentially infected devices, runs to several million. This is the biggest and most massive case of malicious Android applications being found in the Google Play store since Google Bouncer was introduced.

Ads displayed in the Google Play online store have long been used by hackers to spread malicious programs, including Trojans. So far, the most popular among them are Trojans of the Android.SmsSend family, designed to send premium text messages and to subscribe users, on their behalf, to services with paid content. The effectiveness of this method has led the scammers to turn to it again.

This time, the criminals have decided to go a step further and have set up their own advertising platform for mobile devices running Android, similar to Google AdMob, Airpush or StartApp. At first glance, it does not differ from the other platforms on the market: it offers developers very attractive terms for building the shared advertising API into their applications, promising a high and stable income as well as convenient management and control of incoming payments.

As with many other types of software of this kind, such as adware, ads are displayed in the notification bar using the ‘push’ method. In addition, the platform includes a number of other hidden features.

One of them is the display of a notification about the need to update an application. If the user agrees, an .apk file (the file format used to distribute software on the Android platform) is downloaded and placed on the memory card in the directory /mnt/sdcard/download. The module containing the malicious code can also create a shortcut to the downloaded file on the phone's main screen. If the user clicks on the icon, the installation of the corresponding malware is started.

A study conducted by specialists from Doctor Web showed that the applications installed in this way are in fact Trojans of the Android.SmsSend family. The identified control server addresses were added a few days ago to the Parental Control module of the Doctor Web anti-virus, so attempts to connect to them are immediately blocked.

Below is a complete list of the commands that the malicious advertising platform can accept and carry out:

news – display “push” notifications
showpage – open a web page in a browser
install – download and install an .apk file
showinstall – display a “push” notification for installing an .apk file
iconpage – create a shortcut to a web page
iconinstall – create a shortcut to an .apk file
newdomen – change the control server address
seconddomen – alternate control server address
stop – stop communicating with the server
testpost – re-send the command

In addition to carrying out these commands, the fake platform is also able to collect the following data and upload it to the control server: the IMEI number of the mobile device, the carrier code and the IMSI number of the SIM card.

The biggest threat is the fact that the applications containing the malicious software were included in the official Google Play store, which is considered the safest part of Android. Because many users trust that Google Play is completely safe, the number of installations of applications infected with the dangerous advertising module is very large. Because of the restrictions Google applies to statistical data on the number of applications downloaded from the Google Play store, the total number of potential victims cannot be determined with absolute accuracy. Based on the information held by experts from Doctor Web, the probable number of victims may be more than 5.3 million users.

Doctor Web specialists have classified the module as adware, under the name Android.Androways.1.origin. It has been added to the virus database and poses no threat to users of Dr.Web anti-virus software for Android.

Source: Doctor Web

CAN
