Smartphone users in Japan are able to download a wide variety of apps, many of which are either inexpensive or free. Not all of these actually meet what users expect in terms of features, and some of these even introduce risks that users may not fully understand. In this series of blog posts, I will try to show how to evaluate the risks of these apps, focusing on the threats usually seen in Japan. In the first of the three blog entries, I will examine the current situation of info-stealing apps targeting Japanese users.
What is an “Ego App”?
Some apps have unwanted routines which we consider high-risk; for example some violate the user’s privacy by accessing the user’s personal information. Frequently, this is done by apps which display ads (i.e., adware). (In Japanese English, these are referred to as “ego apps.”) Examples of routines that may cause an app to be classified as such include:
- Consuming system resources
- Displaying pop-up advertising
- Violating the user’s privacy
Users who continue to use these apps may encounter unexpected behavior, and may suffer problems without any notice. These apps have both been getting plenty of attention lately. We will discuss the case of aggressive mobile adware in part 2 of this series of blog posts.
Law enforcement actions
On October 30, 2012, several police agencies in Japan arrested a number of suspects for violating the newly implemented cybercrime law. The Japan National Police Agency announced the arrest of five suspects, including an IT company executive for creating malicious apps. (Trend Micro detects these as ANDROIDOS_DOUGALEK variants and are known as ”the movie virus.”) In another case, the Kyoto Prefectural Police together with its Fushimi Police Station announced the arrest of one company executive who allegedly created the malicious apps Longer Battery Life, Signal Improvement, Sma Solar, Power Charge, or Solar Charge. We detect these as ANDROIDOS_CONTACTS variants.
In both of these incidents, the suspects targeted smartphone users in Japan. We hope that these arrests will act as an effective deterrent to these kind of cybercrimes. In this entry, I will look at the apps used in these attacks.