
    The Android Market was just recently renamed to Google Play and yet there are already cybercriminals taking advantage of this. We’ve spotted newly created domains that imitate the Google Play site and contain malicious apps.

    The malicious URL http://{BLOCKED}ay-google.ru displays a fake Russian Google Play site. When translated to English, the text reads: “Download Google Play for Android Google Play is formerly known as the android market but now a vast and influential old android market combined with a store of books google ebookstore multi-format films and world music google music.”

    Upon trying to select the clickable images in the site, I was led to another malicious Russian domain that offers suspicious Android apps. I tried to download the Google Play application, google-play.apk, from the URL http://{BLOCKED}ay-google.ru but it just points to a malicious file detected as ANDROIDOS_SMSBOXER.AB. This leads to another malicious URL, http://{BLOCKED}-api.ru.

    ANDROIDOS_SMSBOXER.AB is a premium abuser type of mobile malware. Such malware subscribes affected devices to premium services without the permission of the user, thus leading to unwanted charges.

    This particular malware is very similar to ANDROIDOS_OPFAKE.SME — an Android malware that made news last month for its ability to polymorph. However, similar to ANDROIDOS_OPFAKE.SME, the server that hosts ANDROIDOS_SMSBOXER.AB simply inserts unnecessary files into the APK in order to evade detection. According to Threats Analyst Kervin Alintanahin, the said routine technically cannot be considered polymorphic behavior, especially since no significant change is made to the APK’s source code. Due to this, security software can still easily detect the malicious files.
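
The routine described above, where the hosting server only inserts unnecessary files into the APK, changes the hash of the whole file but leaves the code untouched. The following Python sketch is an added example, not Trend Micro's detection logic: the archives are constructed in memory, and treating the manifest and `classes*.dex` as the code set is an assumption.

```python
import hashlib
import io
import re
import zipfile

# Assumption: the manifest and classes*.dex are treated as the "code" of an APK.
CODE_ENTRY = re.compile(r"^(AndroidManifest\.xml|classes\d*\.dex)$")


def build_apk(padding, dex=b"dex\n035\x00constructed-code"):
    """Build a constructed, APK-shaped ZIP in memory (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example'/>")
        zf.writestr("classes.dex", dex)
        for name, data in padding.items():
            zf.writestr(name, data)
    return buf.getvalue()


def file_hash(apk):
    """SHA-256 of the whole archive: changes whenever any file is inserted."""
    return hashlib.sha256(apk).hexdigest()


def code_fingerprint(apk):
    """SHA-256 over the uncompressed code entries only, in sorted order."""
    digest = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        names = sorted(n for n in set(zf.namelist()) if CODE_ENTRY.match(n))
        if "classes.dex" not in names:
            raise ValueError("no classes.dex: not an APK-shaped archive")
        for name in names:
            data = zf.read(name)
            # Prefix each entry with its name and length so boundaries are unambiguous.
            digest.update(f"{name}:{len(data)}:".encode() + data)
    return digest.hexdigest()


def non_code_entries(apk):
    """List everything outside the code set, i.e. where inserted files land."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return sorted(n for n in set(zf.namelist()) if not CODE_ENTRY.match(n))


if __name__ == "__main__":
    first = build_apk({"res/raw/a.bin": b"x" * 10})
    second = build_apk({"res/raw/b.bin": b"y" * 99, "assets/pad.txt": b"z"})
    print("file hashes equal:", file_hash(first) == file_hash(second))
    print("code fingerprints equal:", code_fingerprint(first) == code_fingerprint(second))
    print("non-code entries in second:", non_code_entries(second))
```
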

    Aside from detecting the malicious .APK files, all of the related malicious URLs are already blocked through the Trend Micro Smart Protection Network. Trend Micro customers need not worry as ANDROIDOS_SMSBOXER.AB is currently detected by Trend Micro Mobile App Reputation.

    If anything, this attack shows just how quickly cybercriminals can adapt to the fast-changing mobile landscape. Users are strongly advised to practice extreme caution when dealing with apps and app stores in general. For more information on mobile threats, please check our Mobile Threat Information Hub.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice