Company Doctor Web reports that Google Play Store found 28 malicious applications that include advertising module that has the ability to infect Trojans Android devices. The total number of installations of these applications now amounts to several million. Since the introduction of the virus Google Bouncer, is the most serious case of infection of malicious Android apps from Google Play Store.
number of victims Android.SmsSend Trojans downloaded from Google Play can be more than 5.3 million
/ AFP
ads displayed in the online store Google Play has long been used by hackers to spread malicious programs, including Trojans spread. So far, the most popular among them are the family Android.SmsSend Trojans, designed to send text messages and make premium on behalf of users subscribe to services including paid content. The effectiveness of this method has decided to re-pos?u?eniu to it by the scammers.
Just three years ago, the risk of catching a mobile virus malware was virtually nil. According to a recent report, NQ Mobile Security number malware in 2012 increased dramatically. read more
This time, criminals have decided to go a step further and formed their own advertising platform dedicated to mobile devices running Android, similar to Google AdMob, Airpush or startapp. At first glance, it does not differ from the other acting like a market: developers offer very attractive terms on which they can build applications using the shared advertising API promises a high and stable income, and the convenience of the management and control of incoming cash.
As with many other types of software, such as adware, ads in the notification bar by using the ‘push’ method. In addition, the platform includes a number of other hidden features.
One of them is the display of the notification of the need to update the application. In the situation when the user agrees, the file is downloaded. Apk (file format used to distribute software on the Android platform), which is placed on the memory card in the directory / mnt / sdcard / download. It contains malicious code can also be created on the main phone screen shortcut to the file you downloaded. If the user clicks on the icon, the installation process will be started corresponding, malware.
conducted by specialists study showed that the installed applications in this way is in fact a family of Trojans Android.SmsSend. Below is a complete list of commands that can accept and carry out advertising platform contains malware
– news – show notifications “push”
– showpage – open a web page in a browser
– install – download and install the file. apk
– showinstall – display notifications “push” to enable the installation the. apk
– iconpage – create a shortcut to a website
– iconinstall – create a shortcut to a file. apk
– newdomen – change of address management server
– seconddomen – alternate server address management
– stop – end communicating with the server
– testpost – re-send command
In addition to performing these commands, false platform is also able to download and upload to the server managing the following data: IMEI number of the mobile device, carrier code and IMSI number of the SIM card.
The biggest threat is the fact that applications that contain malicious software that were included in the official Google Play Store, which is considered the safest part of Android. Because many users trust that Google Play is completely safe, the number of plants infected with dangerous applications advertising module is very large. Because of restrictions applied by Google in terms of statistical data on the number of applications downloaded from Google Play Store, you can not identify with absolute accuracy the total number of potential victims. On the basis of the information held by experts from Doctor Web can be said that the probable number of victims may be more than 5.3 million users.
No comments:
Post a Comment