    TrendLabs Security Intelligence Blog

    Archive for September 13th, 2013




    Mobile threats can arrive via different methods. We have discussed at length the presence of malware in third-party app stores and even official app stores. We have also mentioned malware via text messages. We recently found one that took advantage of yet another method: spam.

    We encountered samples of spammed messages that were supposedly WhatsApp notifications. The message says that the user has received a new voicemail. The message tries to make it more believable by including details such as the time and length of the call.


    Figure 1. Fake WhatsApp email 

    On a PC, once you click on the “play” button, you will be sent to a malicious site. This new site warns you that your browser is outdated and needs to be updated. Should you click the download button, malware will be downloaded onto your computer.


    Figure 2. Download site with malware on Windows systems

    However, it would seem like PCs were something of an afterthought. On a Windows PC, the site will download browser_update_installer.jar, detected as J2ME_SMSSEND.AF – which is a Java file for the mobile version. It is not a particularly well-suited file for a desktop.

    On Android and iOS devices, it’s clear that mobile was considered the primary platform for this threat. On Android, the malicious site will download browser_update_installer.apk, detected as ANDROIDOS_OPFAKE.CTD. The downloaded file is disguised as a browser named “Browser 6.5”. Once started, the .html file shown in Figure 3 opens. If a user mistakenly clicks the Agree button, this malicious app will send text messages to specific phone numbers. The malware will also try to convince you to download another app onto your device.

    Figure 3. Screenshot of app posing as “Browser 6.5”

    Apple users are not spared from this attack. Should an iOS user click on the “play” button, the screen will show a progress bar while downloading an app. Because iOS devices (by default) can only install apps from the App Store, no app is actually installed. On jailbroken devices, however, this may pose a risk.

    Figure 4. Download site on iOS
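
    For defenders, the per-platform downloads described above can be looked for in web proxy logs. The following is an added example, not code from the original post: it assumes logs in the Apache/nginx "combined" layout, and the hosts, addresses and user agents in the sample lines are constructed; only the two file names and detection names come from the post.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit

# File names reported in the post, with the detection names it gives.
PAYLOADS = {
    "browser_update_installer.jar": "J2ME_SMSSEND.AF",
    "browser_update_installer.apk": "ANDROIDOS_OPFAKE.CTD",
}
# Assumption: logs use the Apache/nginx "combined" layout.
LINE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"')

def platform(ua):
    """Coarse platform guess from the User-Agent string."""
    ua = ua.lower()
    if "android" in ua:
        return "android"
    if any(t in ua for t in ("iphone", "ipad", "ipod")):
        return "ios"
    return "windows" if "windows" in ua else "other"

def triage(lines):
    """Return one record per request for a file name in PAYLOADS."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        name = basename(urlsplit(m["url"]).path).lower()
        if name in PAYLOADS:
            hits.append({"client": m["client"], "time": m["ts"],
                         "platform": platform(m["ua"]), "file": name,
                         "detection": PAYLOADS[name],
                         "delivered": m["status"] == "200"})
    return hits

# Constructed sample lines: hosts, addresses and agents are made up.
SAMPLE = [
    '192.0.2.10 - - [13/Sep/2013:09:14:02 +0000] "GET http://site.example.test/d/browser_update_installer.apk HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us) AppleWebKit/534.30"',
    '192.0.2.23 - - [13/Sep/2013:09:20:41 +0000] "GET http://site.example.test/d/browser_update_installer.jar?r=1 HTTP/1.1" 200 30122 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36"',
    '192.0.2.31 - - [13/Sep/2013:09:25:00 +0000] "GET http://news.example.test/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1 like Mac OS X)"',
    '192.0.2.44 - - [13/Sep/2013:09:31:17 +0000] "GET http://site.example.test/d/Browser_Update_Installer.apk HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Linux; Android 4.2.2)"',
    'truncated line',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

    Records with "delivered" set to True identify clients that received the file and should be checked first; matching on file name alone is a starting point, since such names are easy to change.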

    We mentioned in our 2Q Security Roundup that OPFAKE was one of the most prevalent Android malware families and that Premium Service Abusers were the most common type of mobile threat encountered. It looks like Q3 will not be different. The paper Fake Apps, Russia, and the Mobile Web also discussed the risks from these PSAs. This threat also highlights how some cybercriminals have gone mobile; this threat was focused on mobile devices, with non-smartphones being an afterthought. Users need to recognize this and protect themselves accordingly.

    With the additional analysis by Chloe Ordonia and Ruby Santos

     