Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Bruce An (Mobile Threat Analyst)




    Note:

    Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

    More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.

    Our monitoring of popular Android app stores during the latter weeks of August revealed that the number of apps detected as ANDROIDOS_PLANKTON variants has increased rapidly.

    ANDROIDOS_PLANKTON was initially uncovered by North Carolina State University two months ago and was noted for its capability to download payloads and execute commands from a remote user. The discovery was also dubbed “largest Android malware outbreak ever” because of the millions of apps that contained dubious code similar to PLANKTON. During our research, the presence of this malware grew in Google Play between August 19 – 25.

    Another notable trend we saw in our monitoring is the fact that the number of adware disguised as normal apps has increased. Adware are known to display multiple ads on an infected device to possibly generate profit for its developers. The most number of adware available on these websites were ANDROIDOS_ADWIZP, ANDROIDOS_AIRPUSH, ANDROIDOS_ADSWO, ANDROIDOS_LEADBOLT.

    Trend Micro customers are now protected from these, as the Trend Micro Mobile Security for Android detects these malicious apps. It prevents installation of these malicious apps on mobile devices.

    Malware disguised as Android apps are not fading from the threat landscape anytime soon. For their part, users should always be cautious before downloading apps. Being informed about the reputation of the app and its developers can come a long way when it comes to securing your mobile devices.

    To know more about how to secure your devices, you may refer to the following Digital Life e-Guides:


    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog

     
    Posted in Mobile | Comments Off



    Note:

    Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

    More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.

    Last week, we monitored three popular Android app stores – Google Play, Nduo and GFan – and found several adware on these app providers. When installed, adware typically display annoying advertisements.

    The chart below shows the adware that were still available online from August 12-18. Based on our findings, GFan had the most number of unique apps detected as adware. This might be possibly due to its popularity in the Chinese market. Developers might have created these apps, which display multiple ads on an infected device, in an attempt to target more users and generate more profit.

    We also found out that the most number of adware available on these websites are variants of ANDROIDOS_ADWIZP, ANDROIDOS_AIRPUSH, ANDROIDOS_ADSWO, ANDROIDOS_LEADBOLT, and ANDROIDOS_TOUCHNET. Except for TOUCHNET, all the adware mentioned have been detected previously.

    Once installed, TOUCHNET not only shows ads but also displays ads in notifications. It does not show which particular app displays the ad. The latter is possibly a technique to prevent users from determining the app to be removed.

    Trend Micro protects Android mobile users from this threat via Trend Micro Mobile Security Personal Edition, which detects malware disguised as apps. To know more about how to protect your Android devices from being infected, you may refer to the following Digital Life e-guides:


    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog

     
    Posted in Malware, Mobile | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice