Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2013
    S M T W T F S
    « Dec   Feb »
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for January 25th, 2013



    Jan25
    6:30 am (UTC-7)   |    by

    Apart from those apps that register users for unwanted services and those that aggressively push ads, Android users should also worry about apps with backdoor capabilities.

    While premium service abusers and adware accounted for the majority of malicious apps in 2012, they are, however, not the only threats to Android. Reports of a botnet running on more than a million of smartphones recently made the headlines, which goes to show that attacks aimed at Android devices are varied and far from over.

    Prior to these reports, we have been seeing these malware  since July 2012 and have so far detected 4,282 in the wild. The related samples we analyzed (detected by Trend Micro as ANDROIDOS_KSAPP.A, ANDROIDOS_KSAPP.VTD, ANDROIDOS_KSAPP.CTA, ANDROIDOS_KSAPP.CTB, and AndroidOS_KSAPP.HRX ) were from a certain third-party app store, though we suspect there are other available several sites. Typically, these apps are marketed as gaming apps, some of them bearing or are repackaged versions of popular gaming titles.

    The first batch of samples we analyzed was packaged using the same app title, purportedly from the same company.

    Once any of these malicious apps is installed in a device, it communicates to the following remotes sites to acquire compressed script then parses the said script:

    • http://{BLOCKED}y.{BLOCKED}i.com:5222/kspp/do?imei=xxxx&wid=yyyy&type=&step=0
    • http://{BLOCKED}n.{BLOCKED}1302.com:5222/kspp/do?imei=xxxx&wid=yyyy&type=&step=0
    • http://{BLOCKED}1.com:5101/ks/do?imei=xxxx&wid=yyyy&type=&step=0

    Read the rest of this entry »

     
    Posted in Mobile | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice