We found an EXE application that specifically runs on Mac to download an adware and info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals developing this routine as an evasion technique for damaging infections and attacks in the future as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US.
Read More
We recently discovered an active adware family (detected by Trend Micro as AndroidOS_HidenAd) disguised as 85 game, TV, and remote control simulator apps on the Google Play store. This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background. The 85 fake apps have been downloaded a total of 9 million times around the world.
Read More
We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play.
Their command-and-control (C&C) server points to mspace[.]com[.]vn. This, along with the considerable use of Vietnamese language, may indicate that the apps were from Vietnam. For instance, GhostTeam’s configurations are in English and Vietnamese. English will be the default language if the malware detects the geolocation to be outside Vietnam.
Read More We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode scanners, multimedia recorders and players, device charger, and GPS/navigation-related apps.
While the majority of the said apps have been taken down, 101 were still downloadable as of August 7, 2017. Our detections/sensors saw the prevalence of this adware in Southeast Asian countries as well as Brazil, Japan, Taiwan, Russia, Italy, and the U.S.
Read More For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores.
Haima exactly does that, and more. We discovered this China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.
Read More