Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.
More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.
Valentine’s Day is here, and once again, we remind users to be careful online during this special occasion, whether or not you have a reason to celebrate it. Several entries in this blog should have already established Valentine’s Day (or love in general) as a favorite topic used by cybercriminals, and this year is no exception. Granted, with today’s more digitally connected lives, other love- and relationship-related issues come to mind—online privacy and reputation management (do you share passwords with your loved ones?) and inappropriate content (sexting), to name a few—but looking at the data gathered through the global sensors of our Smart Protection Network™, the more, shall we say, “old-school” web threats are still getting some traction.
Below is a 30-day snapshot of hits to malicious sites and detected files with keyword “valentine” in it:
Figure 1. Malicious URL hits related to “valentine” from January to Feb. 14
Figure 2. Malware detections related to “valentine” from January to Feb. 14
The increasing trend as February 14 approaches is not surprising. Nor does the correlation between the file and web reputation; indeed, it seems that majority of the Valentine-related threats that affected users are Trojans that usually arrive via malicious sites. We can assume here that these users were searching for something Valentine-related, clicked a link, and the Trojan was downloaded automatically.
But what are these users actually looking for? “My Bloody Valentine” (which refers to pirated copies of both the movie and the music band) aside, several of the URL keywords we’ve seen still reflect the commercial side of Valentine’s Day. These range from coupons, to e-cards, to “last-minute gift ideas.” What is more interesting to note, though, is that some of these keywords reflect the user’s “post-PC” behavior: terms like “free download happy valentine day 2012 love quotes funny sms text” and the several “wallpaper backgrounds” or “animated gifs” were seen, indicating the shift of user behavior towards something more social (posting images and gifs in Facebook or Tumblr) and mobile (sending texts, MMS, etc.).