    TrendLabs Security Intelligence Blog

    Archive for September 18th, 2012




    Note:

    Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to include this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

    More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.

    We uncovered four Android mobile apps on Google Play and certain third-party app stores which, when installed, gain access to specific device information that can be used without users’ consent and may lead to data leakage. One of these apps was already removed from Google Play but remains available on third-party stores. These apps are crafted to take advantage of the upcoming 2012 US Presidential Election and its two candidates, Mitt Romney and Barack Obama. Users can download these apps for free.

    The first app, called “Obama vs Romney”, is an ANDROIDOS_AIRPUSH variant found to connect to airpush.com, a mobile ad network site. The app’s description page also indicates that it may contain ad notifications. We found that this app has more than 300 downloads from third-party stores and an estimated 500-1000 downloads from Google Play so far.

    This app was designed as a polling service in which users can choose between the two candidates. It is supposed to display an overall result of the poll immediately. However, during our testing, it ended up showing the message “you probably want to start clicking as soon as possible”. This particular app also serves potentially annoying ads from airpush.com that are displayed outside of the app itself.

    It also requests permissions, ACCESS_COARSE_LOCATION among others, that give it access to information including the device’s GPS location.




    My previous post discussed how certain spam messages can lead to the downloading of malicious apps detected as ANDROIDOS_CONTACTS.E. This time around, we focused on the app’s routines and how the people behind this threat possibly profit.

    My analysis focused particularly on the app “Solar Change”. This Android app (detected as ANDROIDOS_CONTACTS.E) was found to gather contact information, such as email addresses, from the infected device. The perpetrators behind these apps may then peddle the gathered data to potential attackers and spammers.

    When users install the app, it shows the list of permissions that it requests. However, a closer look at these permissions reveals that the app also requests the contact details and list of accounts stored on the device.

    © Copyright 2013 Trend Micro Inc. All rights reserved.