    We’ve reported previously that malicious apps were discovered in the official Android app store, which is now known as Google Play. While those reported apps were removed, more malicious apps have been seen in the official marketplace and appear to be still victimizing users. This is just one of the important reasons why we feel that a technology like our Trend Micro Mobile App Reputation is crucial in users’ overall mobile experience and security.

    In total, we have discovered 17 malicious mobile apps still freely downloadable from Google Play: 10 apps using AirPush to potentially deliver annoying and obtrusive ads to users and 6 apps that contain Plankton malware code.

    | Application Name | Package Name | App Developer | Brief Behavior Description |
    |---|---|---|---|
    | Spy Phone PRO+ | com.spinXbackup.backupApp | Krishan | Sends out GPS location, SMS and call log |
    | 微笑的小工具 | com.antonio.smiley.free | Antonio Tonev | Connects to C&C server and waits for the command |
    | 應用程序貨架 | com.antonio.wardrobe.apps.lite | Antonio Tonev | Connects to C&C server and waits for the command |
    | 小兔子射氣球 | com.christmasgame.balloon | Ogre Games | Connects to C&C server and waits for the command |
    | 阿維亞拼圖 | com.macte.JigsawPuzzle.Aviation | Macte! Labs | Connects to C&C server and waits for the command |
    | 山拼圖 | com.macte.JigsawPuzzle.Hills | Macte! Labs | Connects to C&C server and waits for the command |
    | 食品謎 | com.macte.JigsawPuzzle.Food | Macte! Labs | Connects to C&C server and waits for the command |
    | NBA SQUADRE PUZZLE GAME | com.bestpuzzlesgames.NBA1 | Crisver | Pushes applications and advertisements to user |
    | NFL Puzzle Game | com.bestpuzzlesgames.nfl | Crisver | Pushes applications and advertisements to user |
    | 本機拼圖 | com.macte.JigsawPuzzle.Indians | Macte! Labs | Pushes applications and advertisements to user |
    | 拼圖:紐約 | com.macte.JigsawPuzzle.NewYorkCity | Macte! Labs | Pushes applications and advertisements to user |
    | Cricket World Cup and Teams | com.bestpuzzlesgames.cricket | Crisver | Pushes applications and advertisements to user |
    | 怪物3D | com.killu.m3d | Killugames | Pushes applications and advertisements to user |
    | 最佳設計的鞋子 | com.killu.bds | Killugames | Pushes applications and advertisements to user |
    | 爆轉陀螺益智 | com.manic.bb | Manic Puzzles | Pushes applications and advertisements to user |
    | 芭比好萊塢之謎 | com.espu.bho | Puzzles | Pushes applications and advertisements to user |
    | 芭比娃娃夢幻之謎 | com.espu.bafa | Puzzles | Pushes applications and advertisements to user |

    Among them, one app which explicitly describes itself as a spying app has also been flagged as a threat by Trend Micro due to its potential for misuse. This particular threat is known as ANDROIDOS_PDASPY.A. Its Google Play page makes it clear what its purpose is:

    The attacker must initially install and set up this particular app onto the target phone, as can be seen in the following screenshots:

    Its capabilities include tracking a phone’s location, phone calls, and messages. Once the attacker presses the “Save & Start” button, the attacker can then track the device via the website given:

    Most of these apps have been downloaded several thousand times. The above PDASpy app appears to have been downloaded more than 100,000 times. Collectively, the detected apps have been downloaded more than 700,000 times. Users not running any mobile security app may be victimized by annoying ads (AirPush) or the apps’ (Plankton) malicious connections to remote C&Cs.
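
    To check whether any of the packages named in this post's table are installed on a device, the following added example (not Trend Micro's code) matches the output of `adb shell pm list packages`, with or without `-f`, against those package names. The sample output is constructed, and the function names are chosen for this illustration.

```python
"""Match `adb shell pm list packages [-f]` output against the packages in this post."""

# Package names copied from the post's table, grouped by its behaviour column.
FLAGGED = {
    "Sends out GPS location, SMS and call log": ["com.spinXbackup.backupApp"],
    "Connects to C&C server and waits for the command": [
        "com.antonio.smiley.free", "com.antonio.wardrobe.apps.lite",
        "com.christmasgame.balloon", "com.macte.JigsawPuzzle.Aviation",
        "com.macte.JigsawPuzzle.Hills", "com.macte.JigsawPuzzle.Food",
    ],
    "Pushes applications and advertisements to user": [
        "com.bestpuzzlesgames.NBA1", "com.bestpuzzlesgames.nfl",
        "com.macte.JigsawPuzzle.Indians", "com.macte.JigsawPuzzle.NewYorkCity",
        "com.bestpuzzlesgames.cricket", "com.killu.m3d", "com.killu.bds",
        "com.manic.bb", "com.espu.bho", "com.espu.bafa",
    ],
}
BY_PACKAGE = {pkg: behaviour for behaviour, pkgs in FLAGGED.items() for pkg in pkgs}


def installed_packages(pm_output):
    """Yield package names from `pm list packages` output, with or without -f."""
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip adb banners, warnings and blank lines
        # With -f the entry is "<apk path>=<name>"; the path may itself contain
        # "=", so the name is whatever follows the last one.
        yield line[len("package:"):].rpartition("=")[2]


def audit(pm_output):
    """Return {package: behaviour} for installed packages named in the post."""
    return {p: BY_PACKAGE[p] for p in installed_packages(pm_output) if p in BY_PACKAGE}


# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:/system/app/Browser.apk=com.android.browser
package:/data/app/com.macte.JigsawPuzzle.Hills-1.apk=com.macte.JigsawPuzzle.Hills
package:/data/app/~~Zm9v==/com.killu.m3d-YmFy==/base.apk=com.killu.m3d
package:com.espu.bho
"""

if __name__ == "__main__":
    for pkg, behaviour in audit(SAMPLE).items():
        print(f"{pkg}: {behaviour}")
```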

    We discovered these apps as part of our Mobile App Reputation efforts. We continuously monitor both official and third-party app stores for both newly uploaded and popular apps and check for the behavior of these apps. We look not just for malicious behavior, but also bandwidth-consuming and battery-consuming routines.

    Trend Micro Mobile Security Personal Edition is capable of detecting the threats we mentioned above.

    Update as of 1:59 AM PST

    Google has already removed some of the apps cited in this blog post. We will continue to monitor this case and update this entry with any progress.





    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice