    TrendLabs Security Intelligence Blog

    Archive for July 20th, 2012




    The massively popular and entertaining pastime of online gaming is enjoyed by millions all around the world, but few realize its not-so-entertaining drawbacks. People tend to create another self in the world of online gaming. It’s easy to assume that there is nothing harmful in losing yourself in that other world. But as mentioned in our e-guide, online gaming also has a dark side that opens up possibilities of financial theft and hacked or stolen accounts. In fact, we’ve been seeing more and more in-game phishing activity in the massively multiplayer online role-playing game (MMORPG) World of Warcraft.

    That said, online gaming today clearly isn’t just about fun and games, no matter what type of gamer you are. Our new infographic illustrates some quick stats on casual and hardcore gamers as well as the risks they may encounter. Can you guess how many times the Angry Birds games were downloaded? How about the estimated population of console gamers? To know the answers to these and more, check out our latest infographic “What Type of Gamer Are You?”

     


    Jul 20, 1:00 am (UTC-7)

    The amount of Android malware in the wild has been growing explosively since late 2011. To keep malicious apps off the official Android app store (now known as Google Play), Google introduced a security service, which they codenamed Bouncer, in February of this year.

    Bouncer quietly and automatically scans apps (both new and previously uploaded ones) and developer accounts in Google Play with its reputation engine and cloud infrastructure. According to Google, Bouncer was responsible for a 40% drop in the number of malicious apps in its app store.

    Researchers found Bouncer can be fingerprinted

    Recently, two security researchers reported that Bouncer can be fingerprinted. To prove their point, they submitted an Android app which had shell code included that allowed them to poke around Bouncer while the submitted app was being analyzed. This code also connected back – in effect, phoned home – to the researchers. The researchers were able to get some details of Bouncer’s runtime environment. Some interesting findings about Google Bouncer were revealed, for example:

    • The type of simulator Bouncer uses is QEMU (software that can emulate hardware platforms).
    • All virtualized phone instances in Bouncer are associated with the same account and have exactly one contact and two photos on the simulated device.
    • Bouncer only checks a submitted app for five minutes.
    • Bouncer only does dynamic analysis. This means only applications that misbehave while running in Bouncer will get caught.
    • Google’s IP range assigned to Bouncer can be revealed, as the analyzed apps are allowed to access the Internet while being tested.

    What kinds of threats are hitting Android users?

    Now that we know that Bouncer can be easily fingerprinted, it’s not difficult to picture that malicious Android apps can actually take advantage of it and disguise themselves as legitimate apps when running in Bouncer to bypass Google’s security check and make their way to Google Play and eventually to user devices. The following are some possible attack scenarios:

    • Delayed attack: The application can include malicious payloads in the submitted app but behave benignly while it is running in Bouncer. Once it gets onto a user’s device, it starts to run the malicious code.
    • Update attack: No malicious code needs to be included in the initial installer. In this case, the app has an even better chance of evading Bouncer’s detection. Once the application passes Bouncer’s check and gets installed on a real user’s device, it can either download additional malicious code to run or connect to its remote command and control (C&C) server to upload stolen data or receive further commands. Just this month, another two fake apps successfully avoided Bouncer using this technique and snuck into Google Play, staying there for two weeks. (We detect these apps as ANDROIDOS_TROJDOWNLOADER.A and ANDROIDOS_TROJSMS.A.)
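
    Because both scenarios rely on the app doing nothing suspicious while it runs in the sandbox, a static pass over an app's strings complements dynamic-only analysis. The sketch below is an added example, not code from Trend Micro, Google or the researchers; the rule names, patterns and sample string lists are assumptions constructed for illustration, and a hit is a reason for review, not a verdict.

```python
import re

# Static indicators for the evasion behaviours the post describes.
# Rule names and patterns are assumptions chosen for this example.
RULES = {
    # Checks for a QEMU-based emulator (the post says Bouncer runs on QEMU).
    "emulator_check": re.compile(r"qemu|goldfish", re.I),
    # Runtime code loading, the mechanism behind the "update attack".
    "dynamic_code_loading": re.compile(r"dalvik/system/(DexClassLoader|DexFile)"),
    # Alarm or boot triggers, consistent with a "delayed attack".
    "delayed_execution": re.compile(r"android/app/AlarmManager|BOOT_COMPLETED"),
    # Reads of accounts, contacts or photos, which the post says are
    # identical across Bouncer's virtual phones.
    "environment_probe": re.compile(r"GET_ACCOUNTS|com\.android\.contacts|MediaStore"),
}


def triage(strings):
    """Return {rule_name: sorted matching strings} for one app's string table."""
    hits = {}
    for s in strings:
        for name, pattern in RULES.items():
            if pattern.search(s):
                hits.setdefault(name, set()).add(s)
    return {name: sorted(found) for name, found in hits.items()}


def needs_review(hits):
    """Flag apps that pair an environment check with a way to act later."""
    looks_at_env = {"emulator_check", "environment_probe"} & hits.keys()
    acts_later = {"dynamic_code_loading", "delayed_execution"} & hits.keys()
    return bool(looks_at_env and acts_later)


# Constructed sample inputs (not taken from any real app).
SUSPECT = [
    "Ldalvik/system/DexClassLoader;",
    "ro.kernel.qemu",
    "Landroid/widget/TextView;",
    "android.intent.action.BOOT_COMPLETED",
]
BENIGN = ["Landroid/widget/TextView;", "Landroid/app/AlarmManager;", "Hello world"]

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        found = triage(sample)
        print(label, needs_review(found), found)
```

    A single rule on its own is common in legitimate apps (alarms, for instance), which is why the flag requires an environment check together with dynamic loading or delayed execution.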

    A second group of researchers is planning to present another technique at the BlackHat conference later this month. No details of their research are available at this point.

    Only you can protect yourself

    Google has reportedly changed some characteristics of Bouncer after the researchers contacted them. However, today’s malware evolves quickly and malware developers can always find new ways to get around the security check.

    What we can learn here is that Bouncer does stop many malicious Android apps from getting into Google Play; however, it can be evaded. Even though Google has the ability to remotely remove installed apps from a user’s device, it would still be best if the malware can be stopped before it reaches the user’s device.

    Android users are always advised to be mindful of potential security risks when downloading and installing apps, regardless of the download source. It’s always a good idea to have an effective mobile security product like Trend Micro Mobile Security for Android installed on your device for additional protection. Trend Micro Mobile Security for Android is powered by Trend Micro’s cloud-based Mobile App Reputation technology, which provides better and faster protection to users. Trend Micro Mobile Security for Android does not only scan for malicious apps already installed on the device; it can also stop malicious apps from being installed.

    To know more about how to better protect yourself from Android-OS specific threats, you may refer to our digital life e-guides below:

     

     