A new report from security firm Avast this morning revealed the discovery of a new form of malware on the Google Play store, which will begin displaying ads disguised as warnings to end users when they unlock their smartphone Android. What is interesting about this malware - or adware, as it is better known - is that some Applications where it was already discovered have a large number of facilities. For example, a card game application called Durak has 5-10 Million facilities according to data on Google Play.
Avast researcher says Filip Chytry, the malware has been paid to the company's attention by means of a commentary on the Avast forums, and initially he did not think much.
However, when further examination, he realized that the applications where the file was actually found have a broad target audience. Applications are available in the Anglo-Saxon countries and in other language versions as well, and have been downloaded by millions of users, assuming Google Play own data on the application installs is accurate.
In addition to the card game, other applications, including an IQ test and application of history were also found infected. Applications are different developers, but each has the same malware installed. The original intervening on Avast forums said he found the malware in a dozen infected Applications, and stressed several others.
Avast says it has analyzed the three mentioned here, and is currently researching more applications that behave like now. This means that adware that already has an installed base of millions, can in fact be even greater still.
The video below shows how it looks when the phone becomes infected :
The applications are pretty smart about how they present the ads, too. Instead start running ads immediately after installation, they wait for several days. In some cases, the ads do not appear until the application had been on the phone for a month.
"After 30 days, I guess not many people know what application is causing abnormal behavior on their phone, right?" Wrote Chytry.
Ads will also begin to appear until you restart your device at least once, he notes. Then, the ads appear whenever the end user unlocks their phone, with warnings that your machine is infected, or "update", or is full of porn. The user is then prompted to take action, but instead redirected to other applications from malicious software supports downloads, including those that send premium SMS to, or those who collect a ton of personal data .
Curiously, users were sometimes out mobile antivirus apps on Google Play - some legitimate businesses. For example, the antivirus vendor Quihoo 360 was one of the targets. It is unlikely that these companies market their services via adware, however. It is more likely that malware writers take advantage of a kind of reference system.
Avast said they are now in contact with the antivirus company receiving the redirects, and the company is currently studying the situation.
Obviously, using the Google Play Store to distribute malware is a violation of the Terms of Use of Google. We've reached out to Google to ask him if he was aware of the problem found Avast, and whether it will investigate or prevent Applications and developers to its App Store. Google's response, if provided, will be added to the post.
-------------------------
About Source
Posts
0 Comments:
Post a Comment