    TrendLabs Security Intelligence Blog

    Archive for July 16th, 2012




    In just a month, the Android malware count doubled from 10,000 to 20,000. The fast-paced growth of Android threats is a reason for concern.

    We predicted that Android malware would reach the 11,000 count by this time of the year, an uncanny projection easily scoffed at. As it turned out, the seemingly excessive outlook did not even come close to the 25,000 Android malware we found in the wild.

    We also reported various tactics cybercriminals use to trick users into downloading malicious apps. Official Android app store Google Play became host to infected apps. Fake versions of Skype, Instagram, Angry Birds Space, Farm Frenzy, and other legitimate apps were used to send messages to premium numbers at the users’ cost. Users’ curious nature was monetized by spying apps like Spy Tool and Spy Phone Pro+. The particularly sophisticated BotPanda strain opens rooted devices for remote access while hiding its routines.

    We listed seven malware types for Android devices this quarter. Almost half of these are premium service abusers that subscribe users to services they did not sign up for. Adware, recently added due to persistent pushing of ads as urgent notifications, came second. Data stealers, malicious downloaders, rooters, click fraudsters, and spying tools follow respectively. These apps put personal and financial information most at risk of theft.

    Android malware rises alongside the growing market for Android devices. However, we found that only one in five Android devices has a security app installed. Users should also learn how threat actors use apps to steal information to avoid being lured into their scams. Google also keeps the Android ecosystem secure on its end using known features like the Bouncer service or automated scanning, sandboxing, a permissions system, and remote malware removal.

    Discover what’s behind the menace that is Android malware through our detailed infographic here:

     
    Posted in Mobile



    Just days after reports of a supposed Android botnet spam run surfaced, we found a Yahoo! Android app vulnerability which, when exploited, allows an attacker to send spam messages using the compromised Yahoo! account.

    First Spam Run via Android Botnet?

    Last week, several messages were found peddling fake pharma sites or containing links leading to phishing sites. What made this spam different, however, was the use of “Sent from Yahoo! Mail on Android” in the message signature and the “androidMobile” value in the Message-ID field. Based on reports, the IP addresses indicated in these messages were assigned to network operators and were located in developing countries.

    Given this evidence, some experts surmised that the spammers may have used Android devices compromised with malicious apps. Google, however, disputed that the spam was sent from an Android botnet, stating that the spammers behind this may have used infected PCs and a fake mobile signature in an attempt to bypass email filters.

    Just recently, another possible scenario was proposed. Certain security researchers theorized the possibility of spammers taking advantage of a Yahoo! Android app vulnerability to compromise a mobile device and spam users with messages.
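The two markers described above can be checked mechanically during spam triage. The following is an added example, not code from the original post: the function name `triage`, the header layout, and both sample messages are constructed for illustration, with documentation-range IPs and example domains.

```python
import email
import re
from email import policy

MSGID_TOKEN = "androidMobile"                   # value reported in Message-ID
SIGNATURE = "Sent from Yahoo! Mail on Android"  # reported signature line
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def triage(raw):
    """Report which of the two markers a message carries, plus the IP
    literal from its earliest Received hop for later correlation."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    received = msg.get_all("Received", [])
    # Each hop prepends its Received header, so the last one is the earliest.
    hit = IP_LITERAL.search(str(received[-1])) if received else None
    result = {
        "msgid_marker": MSGID_TOKEN in str(msg.get("Message-ID", "")),
        "signature_marker": SIGNATURE in text,
        "origin_ip": hit.group(1) if hit else None,
    }
    # Both markers are strings carried in the message: a hit is a lead to
    # correlate with the origin IP, not proof of the sending device.
    result["review"] = result["msgid_marker"] or result["signature_marker"]
    return result

# Constructed sample messages (not captured spam).
SPAM_LIKE = "\n".join([
    "Received: from mx.example.net by mail.example.org; Mon, 16 Jul 2012",
    "Received: from [198.51.100.23] by web0.mail.example.com via HTTP",
    "Message-ID: <1342425600.12345.androidMobile@web0.mail.example.com>",
    "From: a@example.com",
    "To: b@example.org",
    "Subject: hello",
    "",
    "Cheap meds http://pharma.example/",
    "",
    SIGNATURE,
])
ORDINARY = "\n".join([
    "Received: from mail.example.org ([203.0.113.9]) by mx.example.net",
    "Message-ID: <abc123@mail.example.org>",
    "Subject: minutes",
    "",
    "See attached notes.",
])

if __name__ == "__main__":
    for name, raw in (("spam_like", SPAM_LIKE), ("ordinary", ORDINARY)):
        print(name, triage(raw))
```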

    Spammers May Exploit Yahoo! Mail Android Vulnerability

    Regardless of how these messages were sent, attackers exploiting a Yahoo! Android vulnerability to compromise a Yahoo! Mail account and send spam is a possibility. In fact, we recently uncovered a vulnerability in the Yahoo! Android mail client, which can allow an attacker to gain access to a user’s Yahoo! Mail cookie. This bug stems from the communication between the Yahoo! mail server and the Yahoo! Android mail client. By gaining this cookie, the attacker can use the compromised Yahoo! Mail account to send specially crafted messages. The said bug also enables an attacker to gain access to the user’s inbox and messages.

    Currently, we are coordinating with Yahoo! about this particular bug. We will also be posting a separate blog entry for our technical analysis of the vulnerability.

    However spammed messages are sent, users should still be wary of spam as it poses certain risks. Users who click the links are led to fake pharmaceutical sites offering bogus products or phishing pages asking users to divulge sensitive information. Thus, users must never download or click links contained in dubious-looking messages.

    Trend Micro protects users from this threat via Smart Protection Network™, which blocks these messages. Mobile users can benefit from Trend Micro Mobile Security Personal Edition, which detects malicious Android apps.

    Android users must avoid downloading apps from third-party app stores, as this increases the risk of downloading malware disguised as Android apps. To know more about how to protect your devices, you may read the following Digital Life e-Guides specific to Android users.

     
    Posted in Mobile, Social, Vulnerabilities


     
