Warsaw, April 26, 2013. Doctor Web, a Russian producer of antivirus software reports that the official Google Play store found 28 malicious applications that include advertising module that has the ability to infect Trojans devices operating on Android. The total number of installations of these applications, resulting in a potentially infected devices, reaches out to several million. Since the introduction of the virus Google Bouncer is the biggest and most massive case of infection of malicious Android applications that can be found in the Google Play store.
This time, criminals have decided to go a step further and formed their own advertising platform dedicated to mobile devices running Android, similar to Google AdMob, Airpush or startapp. At first glance, it does not differ from the other acting like a market: developers offer very attractive terms on which they can build applications using the shared advertising API promises a high and stable income, and the convenience of the management and control of incoming cash.
As with many other types of software, such as adware, ads are displayed in the notification bar by using the ‘push’ method. In addition, the platform includes a number of other hidden features.
One of them is the display of the notification of the need to update the application. In the situation when the user agrees, the file is downloaded. Apk (file format used to distribute software on the Android platform), which is placed on the memory card in the directory / mnt / sdcard / download. It contains malicious code can also be created on the main phone screen shortcut to the file you downloaded. If the user clicks on the icon, the installation process will be started corresponding, malware.
conducted by specialists from the company Doctor Web study showed that the installed applications in this way is in fact a family of Trojans Android.SmsSend . The identified addresses management server a few days ago have been incorporated into the Parental Control module anti-virus Doctor Web , with the result that attempts to connect to them are immediately blocked.
Below is a full list of commands that can accept and carry out advertising platform contains malware
· news – displays notifications “push”
- install – download and install the file. apk
- showinstall – display notifications “push” to enable the installation file. apk
- iconpage – create a shortcut to a web page
- iconinstall – create a shortcut to a file. apk
- newdomen – change of address management server
- seconddomen – alternate server address management
- stop – end communicating with the server
- testpost – re-send the command
addition to performing these commands, false platform is also able to download and upload to the server managing the following data: IMEI number of the mobile device, carrier code and IMSI number of the SIM card.
The biggest threat is the fact that applications that contain malicious software that were included in the official Google Play Store, which is considered the safest part of Android. Because many users trust that Google Play is completely safe, the number of plants infected with dangerous applications advertising module is very large. Because of restrictions applied by Google in terms of statistical data on the number of applications downloaded from Google Play Store, you can not identify with absolute accuracy the total number of potential victims. On the basis of the information held by specialists from the company Doctor Web can be said that the probable number of victims may be more than 5.3 million users.
Specialists from Doctor Web to qualify the module categories as Android.Androways.1.origin adware . It was listed in the virus database and poses no threat to users Dr.Web anti-vi rus software for Android.
No comments:
Post a Comment