Malware-infected apps sneak into Google Play, leave Android devices wide open for attacks
The apps 'Viking Jump', 'WiFi Plus', 'Parrot Copter', 'Memory Booster', and 'Simple 2048' contain malicious components that begin their activity post their initial launch. Two binaries named like Android system files are installed on the storage, with one used for exchanging information between the malware's parts, and the other keeping a list of all its components. The virus checks for root permissions, and if your device is rooted, two additional components are installed for the attackers' purposes. Regardless of whether you have root access or not, the malware will connect to its command and control server, sending the device's battery charge, type of data connection, and phone number.
Download top-ranked app, get infected. No extra in-app purchases required!Finally, the server opens a proxy connection capable of sending and receiving information between server and device according to the hacker's whim. In this campaign's case, devices are hijacked to simulate clicks on online advertisements and generate profit. Some of the applications also send premium SMS messages, and the proxy allows for DDoS attacks, spamming, and remote code execution. Your device pretty much becomes the hacker's puppet.
Checkpoint Security traced 44% of the infections to Russia, which is explained by the prevalence of Android 4.4 in the country. Later operating system versions (Lollipop and Marshmallow) have stricter permissions control, thus the malware which relies on very suspicious permission sets is less likely to get past observant users. Alas, the researchers haven't made recommendation about anything you could do in the event of infection. Hopefully, a decent antivirus app will be able to bring things back in order.
Posts: 14967; Member since: Sep 25, 2013
posted on May 18, 2016, 8:17 AM 10
Posts: 713; Member since: Sep 19, 2014
posted on May 18, 2016, 10:17 AM 4
posted on May 18, 2016, 11:35 AM 5
Posts: 520; Member since: Jun 22, 2015
posted on May 18, 2016, 8:29 AM 5
Posts: 5029; Member since: Mar 30, 2015
posted on May 18, 2016, 3:02 PM 3
Posts: 127; Member since: Jul 22, 2009
posted on May 18, 2016, 8:34 AM 4
Posts: 7520; Member since: Feb 17, 2016
posted on May 18, 2016, 8:39 AM 6
Posts: 399; Member since: May 02, 2016
posted on May 18, 2016, 11:07 AM 0
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
- Off-topic talk - you must stick to the subject of discussion
- Trolling - see a description
- Flame wars
- Offensive, hate speech - if you want to say something, say it politely
- Spam/Advertisements - these posts are deleted
- Multiple accounts - one person can have only one account
- Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):