Google Play: Whats the newest threat on the official Android market?
Official app stores are the primary sources to finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that "Android malware is non-existent and security companies just try to scare us. Keep calm and don‘t worry.“ So which is it?
We've already blogged about plenty of threats that sneak onto your device from trusted sources, but here we have a really fresh one, one that is still undetected by other security vendors. An Application called Cámara Visión Nocturna (package name: com.loriapps.nightcamera.apk), which is still available in the Google Play Store as I am writing this post, is something you definitely don't want to have on your Android device.
Starting with the application's permissions you might notice there are some unusual requests for an app that should be able to work only using your camera.
<uses-permission android:name="android.permission.CAMERA" />
<uses-feature android:name="android.hardware.camera" />
<uses-feature android:name="android.hardware.camera.autofocus" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.RECORD_VIDEO" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.WRITE_SMS" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.INTERNET" />
"GET_ACCOUNTS" or WRITE_SMS" is something bit suspicious for a video recording app. So my colleague Chrysaidos Nikolaos, who freshly joined our Avast VirusLab (Welcome buddy, we are glad to have you on-board), and I decided to do some digging to get some more information. The app tries to parse phone numbers from applications such as Whatsapp or ChatOn in order to subscribe them to a premium messaging service.
After it obtains phone numbers, it sends them to server in order to register them to a premium SMS list.
And fasten your seat belts, here it comes: You've been charged for approximately 2€(2.8$)! For what you ask? For nothing. Hurray! That's how we would all like to earn money, isn't it? Smooth and fast. :) But thats not all, unfortunately. The app is also capable of sending more of these SMS, until it reaches 36€ (50$) a month. Then you recieve an SMS from "797080", which should postpone the premium SMS sending. But have no fear, AVAST detects it as Android:FakeCam so avast! Mobile Security users are safe.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
How Avast uses big data and machine learning to protect you
Far from sci-fi depictions, artificial intelligence – through machine learning algorithms and big data – is key to defusing today's evolving cyberthreats.