Lots of smartphone users are still unaware of the actual risks arising from the use of smartphones based on operating systems, and they have a tendency to underestimate their security risks. Be honest, how many of you check if an application you install on your phone comes from a trusted source? Do you check which permissions the applications has? How many of you install applications that have “cool icons” and don’t check anything else?
I’ve asked a few people these questions, and was totally surprised by their answers! Even IT geeks don’t read permissions of applications and they just click and install whatever they find. What’s WORSE is that most of them think they are secured without any security application.
Do you remember my last article? We identified something very similar, also coming from blog and upload services such as 4shared. It’s really strange how many hijacked and infected applications are offered through those services.
One month ago, I pointed out a really nasty malware that pretends to be a Google Play app. I looked into what the creators of that malware have been doing for the last month. They definitely haven’t been lazy.
For the last two weeks, we saw more mutations of similar malware, with similar behavior. It sends numerous paid SMS messages to premium numbers without the user being aware of it. They try to pretend it is some kind of wanted application, but you obviously don’t want that.
This malware hide themselves under legitimate-sounding names like Flash Player, Talking Tom Cat, Kaspersky Lite, etc. But many of the apps have something in common: The package name is the same in hundreds of them. But don’t worry, all of them are detected.
My phone is infected! What can I do?
This leads me to the most important point of this blog post. For those who still believe they are fine without antivirus protection on their smartphone, there are a few steps to follow when you realize your phone is acting strangely.
1) Switch off GSM module or take out your SIM card immediately. (This should disconnect your phone from the mobile network and prevent losing your money.)
2) Restore your phone back to factory setup. (Malware should be removed, as well as all your data.)
3) Put your SIM card back, and you can use your phone again.
Is there a safer and easier way to protect my smartphone?
Luckily, yes. Malware that we meet comes mostly from untrusted sources. People often put the name of a wanted application in their browser and just click on the first URL that comes up. That practice is, of course, really dangerous. The viruses mentioned above come from file sharing servers such as 4shared.com, filestube.com, rapidshare.com, fake blogs, or from fake Android stores. Those file sharing servers are suspicious sources and one should not download applications from there. Even on Google Play you can find a dangerous application once in a while, so you should be cautious even when you look for applications there!
Here’s a quick example. When you search for popular games, for example, “Asphalt 6 adrenaline скачать бесплатно” (free download in Russian language) in one of the top pages on Google you will find a pretty nasty blog full of repacked games but with a small gift in the form of a malware.
My recommendation is to use an antivirus program on your phone – for example, avast! Free Mobile Security – and download applications from less dangerous sources – for example, Google Play, Amazon.com, etc.
Android is one of the fastest growing platforms in the world. In the second quarter of this year there were more than 300 million active Android devices. The increase is almost 900,000 of new devices per day and still rising. These days Android occupies more than 60% of the mobile devices market! By the way there is around 300,000 newborn children a day all around the world, and this number constantly decreases.
Hand in hand with this trend goes the rise of applications and viruses for this platform. In the past week we noticed one of them that was especially tricky. At first look, it’s trying to act like a regular Google Play application, but that’s just an illusion. It is a fake application which not only downloads other fraudulent application, but it is also able to send premium text messages without user’s knowledge
After the installation it replaces the original Google Play from the menu and just waits for a first start from the user.
Immediately after the first start you are asked to update the program and there your troubles continue “Critical update, install new version, click the continue”.
After this step follows another nasty download from this link shows up:
After the installation of second aplication, your phone turns into a money sucking machine. Without your knowledge it starts sending premium messages on paid numbers. Luckily we caught this threat and Avast! detects both samples as Android:OpFake-BV.
This file is easily accessible from more than thirty malware pages, which are made to resemble various markets and download pages! But no worries Avast! users are protected even if you accidentally visit these pages.
avast! Free Mobile Security – the new anti-theft and anti-malware app from AVAST Software – has been installed by over one million smartphone users in just 16 days.
This threshold was crossed on January 6, only 16 days after avast! Free Mobile Security was placed in the official Android Market.
“This has been a really fast-paced launch, surpassing the results from competing products,” said Ondrej Vlcek, CTO for AVAST Software. “It required Lookout a full six months to reach the one-million level for their mobile security product.”
avast! Free Mobile Security is a full-featured anti-theft and anti-malware app for Android smartphones. Read more…
Just a couple weeks ago, Chris DiBona, Open Source Programs Manager for Google, claimed that no real malware exists and that “Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS”. Well, let’s see about that.
Just a few hours ago, another group of malicious applications were removed from the official Android Market after we’ve alerted the Google’s security team to their presence. In addition to the official Android Market, these apps have also been available in around five “unofficial” markets. These are malicious apps that send premium SMS messages to numbers which users are charged a lot for. What’s more frightening is that this seems very similar to a case discovered just a few days ago. This one was was pointed out by Lookout mobile security and, as you can see in their blogpost, they were also talking about malicious apps that sent SMS messages to premium numbers. Clearly both groups of applications were created by the same person although published under different name.
Apps published by the developer Miriada Production may look like well known Android games (Angry birds, Need for speed, World of Goo and others) and users could be easily confused. Read more…