Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    April 2012
    S M T W T F S
    « Mar   May »
  • Email Subscription

  • About Us

    Archive for April 17th, 2012

    Recently, Facebook announced its acquisition of Instagram— a popular photo-sharing smartphone app, which also released an Android version almost a week ago. It was reported that Facebook paid approximately $1 billion (£629m) in cash and stock for the said takeover.

    Cybercriminals, soon enough, started to take advantage of Instagram‘s popularity. We discovered a spoofed webpage containing a rogue version of Instagram. The said webpage mimics Instagram‘s legitimate download page. The red squares indicate clickable links that lead to the download:

    For your reference, below is a screenshot of the site hosting the legitimate app:

    My colleague Jonathan Beltran also uncovered a rogue version of Angry Birds Space. Similar to the fake Instagram app, the webpage hosting this rogue app is hosted on a Russian site.

    Both the rogue Instagram and Angry Birds Space are detected as ANDROIDOS_SMSBOXER.A. Based on our initial analysis, the malware will ask users to permit the sending of a query using short numbers to supposedly activate the app. In reality, this malware sends a message to specific numbers. The rogue app also connects to specific sites, to possibly download other files onto the device.

    For the past few days, we have been seeing several other Russian domains hosting fake webpages posing as download pages for some popular Android apps. Some of the apps used in this scheme include Fruit Ninja, Temple Run and Talking Tom Cat. Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores. To know more on how to prevent downloading malicious apps and other safety tips, you may read the following e-guides:

    Trend Micro™ Smart Protection Network™ prevents access to the malicious website so users are protected from clicking and downloading the fake Instagram and Angry Birds Space app. Furthermore, Trend Micro Mobile Security detects the .APK to protect Android smartphones from the malware’s malicious routines.


    7:00 am (UTC-7)   |    by

    Following the so-called “Year of Data Breaches,” the first quarter of 2012 veered away from attacks that led to data loss and, instead, focused on mobility. The mobile threat incidents we’ve seen in the first quarter remained true to one of 2012 predictions—Android-based smartphones will continue to be a likely target for cybercrime. Trend Micro, in fact, identified approximately 5,000 new malicious Android apps in just the first three months of the year most likely due to the increase of Android user base.

    Advanced persistent threat (APT) campaigns like Luckycat continued to ensue aided by trends like consumerization and outsourcing as well as interacting with new technologies, platforms, and entities, which seemingly broadened the attack surface. Proving once again just how important data is, the Luckycat campaign attacked a diverse set of targets using a variety of malware.

    As in the past, hard-to-resist social engineering lures played a huge role in getting victims, regardless of device, to click malicious links, download malware, or visit malicious sites. Interest in new platforms like Pinterest again proved that with popularity came notoriety.

    The past three months have been rife with different kinds of threats with one common denominator—mobility. Simply put, going mobile opened up several opportunities for users and cybercriminals alike. Though it’s true that the rise of mobility is full of potential, the issue of security should always remain at the forefront.

    To take a closer look at the security landscape in the first quarter, read our comprehensive report, “Security in the Age of Mobility”

    Click for larger view



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice