Over 100 Android Apps Found with Adware that Harm End-users
Researchers from Dr. Web a security and anti-virus company unearthed over 100 Android applications which are contaminated with certain adware Trojan named Android.Spy.277.origin which consists of several spyware functionalities. The malware-contaminated apps masquerade as widely-used applications as well as have been taken down from the Web 3,200,000 times. Commonly, the mentioned apps have been designed to be copycats of more widely-used games and applications, with a few not even displaying the features that were originally advertised.
On activating the said apps, the infected device's information and the victimized user's private information are uploaded onto the attacker's C&C infrastructure. These uploaded information comprise the operating system's name, e-mail id of user account on Google, IMEI identification No., CPU type, geo-location details, device's phone No., network connection form, carrier of mobile network, version of software creation toolkit, root access provision, Cloud Messaging address of Google, if there are admin rights for the malicious app, and name of contaminated app. Scmagazine.com posted this, April 5, 2016.
Whenever an end-user starts an application, the above information is again uploaded onto the attacker's command and control server together with the application's moniker. Simultaneously, the malevolent application asks for further instructions. The malicious program tells the infected end-user for taking down more apps for which it shows pop-up ads pretending to be notifications that alert about device problems, in particular destroyed battery. Advertisements pretending to be notifications commonly lead adware victims onto associate apps. There maybe more malware on such associate apps.
The command-and-control system may ask it to display advertisements through the notification section, through interstitial pop-ups, through notification bar, alternatively for creating shortcuts on home screen of the end-user. The pop-ups and shortcuts would then open web-links within browser of the end-user, the Facebook application and Google's Play Store.
Usually the advertisements attempt at scaring end-users into loading other applications that affiliate programs may promote, thereby yielding money to the malware's owner. Android.Spy.277.origin too is attempting at loading other applications having the identical infection, in order that incase an end-user is able in finding that particular application which shows these ads, one more like it can emerge and get installed.
» SPAMfighter News - 4/11/2016