Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    June 2013
    S M T W T F S
    « May    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
    • About Us
    Trendlabs Security Intelligence > Malicious Mobile Apps Found in Server Hosted in Germany

    We’ve recently found a server that hosts a great number of sites that are used to launch mobile malware, targeting Android OS and Symbian (specifically the J2ME platform).

    The server, located in Germany, is managed by a hosting provider known as a haven for cyber criminals.

    We found a total of 1,351 websites hosted on the said server and categorize the sites into five segments based on the type of guise they use for the distributed malware:

    • Android Market apps
    • Opera Mini/ Phone Optimizer apps
    • Pornographic apps (sites were unavailable during time of checking)
    • App storage sites
    • Others (sites that were inaccessible during time of checking)

    As for the unavailable sites, it seems that the attacker is still setting them up, or has permanently taken them down. The domains listed under App storage sites, which hosts Apps featured in the other domains, are inaccessible. However, the hosted Apps were still up thus making them available for download through the Android Market App and the Opera Mini/Photo Optimizer App sites.

    The sites under Android Market apps displayed a website very much similar to the legitimate one. They feature popular applications like WhatsApp, Facebook, Facebook Messenger, Barcode Scanner, Skype, Google Maps, Gmail, YouTube, and others. The files downloaded from such sites are now detected as ANDROIDOS_FAKENOTIFY.A.

    On the other hand, the sites that feature download links for Opera Mini and Phone Optimizer lead to J2ME_SMSSEND.E - a malware that can run on devices that support MIDlets.

    Among all the categories mentioned, most of sites promoted Opera Mini updates and Photo Optimizer Apps compared with others. Here is a graph showing the distribution of domains based on the categories:

    This particular cybercriminal operation presents some interesting findings. Here we saw that the attackers are not necessarily targeting only one platform. Based on the targeted platform, we also saw that cybercriminals use different social engineering lures. Also, despite the emergence and prevalence of platforms such as Android and iOS,  the Symbian platform still seems to be targeted as well.

    Trend Micro Mobile Security users (both Android and Symbian) are already protected from this threat. All of the malicious domains and files are blocked and detected respectively.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Tuesday, February 7th, 2012 at 4:26 am and is filed under Mobile . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice