• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   adware

GhostTeam Adware can Steal Facebook Credentials
  • Posted on:January 18, 2018 at 12:03 am
  • Posted in:Malware, Mobile, Social
  • Author:
    Mobile Threat Response Team
0

We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play.

Their command-and-control (C&C) server points to mspace[.]com[.]vn. This, along with the considerable use of Vietnamese language, may indicate that the apps were from Vietnam. For instance, GhostTeam’s configurations are in English and Vietnamese. English will be the default language if the malware detects the geolocation to be outside Vietnam.

Read More
Tags: adwareFacebookGhostTeam

GhostClicker Adware is a Phantomlike Android Click Fraud
  • Posted on:August 16, 2017 at 8:52 am
  • Posted in:Mobile, Social
  • Author:
    Mobile Threat Response Team
0

We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode scanners, multimedia recorders and players, device charger, and GPS/navigation-related apps.

While the majority of the said apps have been taken down, 101 were still downloadable as of August 7, 2017. Our detections/sensors saw the prevalence of this adware in Southeast Asian countries as well as Brazil, Japan, Taiwan, Russia, Italy, and the U.S.

Read More
Tags: adwareandroidGhostClicker

A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple’s Developer Enterprise Program to Serve Adware
  • Posted on:September 12, 2016 at 4:54 am
  • Posted in:Mobile, Social
  • Author:
    Trend Micro
0

For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores.

Haima exactly does that, and more. We discovered this China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.

Read More
Tags: adwareiOSMobilePokemon Gorepackaged apps

Flashlight App Spews Malicious Ads
  • Posted on:May 16, 2016 at 5:22 am
  • Posted in:Mobile
  • Author:
    Kenny Ye (Mobile Threat Response Engineer)
0

Not all Android phones come with a built-in flashlight feature in its operating system. Users would have to download flashlight apps to have this utility on their phone. Chances are, these apps will come with updates and ads. Imagine that, flashlights with updates and ads. And while this may seem normal with how apps operate, one flashlight app that’s available in Google Play shows ads that goes beyond the annoying and tells users that their mobile unit is infected with malware.

Super-Bright LED Flashlight on its own is a safe application. However, when a user runs the app, a webpage opens and tells that their device is infected with malware and has a broken battery. The webpage also advises users to install an Android optimizer and anti-virus app to resolve these issues. When we checked the app, the ad was not part of its routine.

Read More
Tags: adwaremobile malware

The Fine Line Between Ad and Adware: A Closer Look at the MDash SDK
  • Posted on:April 2, 2015 at 3:58 pm
  • Posted in:Malware, Mobile
  • Author:
    Seven Shen (Mobile Threats Analyst)
0

Just last month, there were reports that Google removed three apps from its Play Store as they were discovered to be adware in disguise. At the time of the discovery, the apps were said to have been downloaded into millions of devices, based on data from the app stores. However, these were not the only apps with…

Read More
Tags: ad SDKadwareandroidappMDashMDash SDKMobiDashMobiDash SDKMobileSDK
Page 1 of 412 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Viro Botnet Ransomware Breaks Through
  • New CVE-2018-8373 Exploit Spotted
  • Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs
  • Advisory: BlueBorne Reportedly Affects Billions of Bluetooth-Enabled Devices
  • A Closer Look at the Locky Poser, PyLocky Ransomware

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.