Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.
More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.
Valentine’s Day is here, and once again, we remind users to be careful online during this special occasion, whether or not you have a reason to celebrate it. Several entries in this blog should have already established Valentine’s Day (or love in general) as a favorite topic used by cybercriminals, and this year is no exception. Granted, with today’s more digitally connected lives, other love- and relationship-related issues come to mind—online privacy and reputation management (do you share passwords with your loved ones?) and inappropriate content (sexting), to name a few—but looking at the data gathered through the global sensors of our Smart Protection Network™, the more, shall we say, “old-school” web threats are still getting some traction.
Below is a 30-day snapshot of hits to malicious sites and detected files with keyword “valentine” in it:
Figure 1. Malicious URL hits related to “valentine” from January to Feb. 14
Figure 2. Malware detections related to “valentine” from January to Feb. 14
The increasing trend as February 14 approaches is not surprising. Nor does the correlation between the file and web reputation; indeed, it seems that majority of the Valentine-related threats that affected users are Trojans that usually arrive via malicious sites. We can assume here that these users were searching for something Valentine-related, clicked a link, and the Trojan was downloaded automatically.
But what are these users actually looking for? “My Bloody Valentine” (which refers to pirated copies of both the movie and the music band) aside, several of the URL keywords we’ve seen still reflect the commercial side of Valentine’s Day. These range from coupons, to e-cards, to “last-minute gift ideas.” What is more interesting to note, though, is that some of these keywords reflect the user’s “post-PC” behavior: terms like “free download happy valentine day 2012 love quotes funny sms text” and the several “wallpaper backgrounds” or “animated gifs” were seen, indicating the shift of user behavior towards something more social (posting images and gifs in Facebook or Tumblr) and mobile (sending texts, MMS, etc.).
These commercial and social/mobile aspects are supported by some of the new threats we’ve seen recently. For instance, we’ve seen a special “Valentine promo” spam run related to replica watches:
Figure 3. Sample of Valentine’s Day spam run
Our researchers also noted that since January, they came across more than 200 phishing pages spoofing the popular online dating site match.com. Finally, we also came across a Valentine’s Day wallpaper app for Android named LoveHeart3D. Further analysis reveals that this actually a high-risk app detected as ANDROIDOS_LEADBLT.HRY. Aggressive mobile adware, as has been previously discussed, not only compromise user experience by putting unnecessary shortcuts or displaying ads beyond the app itself, they can also potentially leak user and device information.
Threats banking special on occasions like Valentine’s will not go away anytime soon. In fact, we’ve predicted that these, and other conventional threats, will be deployed in a more sophisticated manner, regardless of platform or device. That’s why it is always important for users to constantly update themselves with the latest security and threat information. Learn how social engineering works, for one. Or at the very least, know who your online enemies are. In the digital world, everyone, especially the cybercriminals, will say that they love you (and your information). But you should learn to love your digital self first to know better than fall into their traps.
Trend Micro Smart Protection Network protects users from this threat by blocking malicious sites and spam leveraging Valentine’s day. Trend Micro Mobile Security Personal Edition protects users from apps detected as ADNROIDOS_LEADBLT.HRY.