Here at Webroot, we are constantly on the lookout for malevolent Android apps. In most cases, you do something malicious with your app and you get marked accordingly, but it’s not always that simple. Two weeks ago an app called “Virus Shield” popped up on the Google Play store. Within days, Virus Shield became Google Play’s #1 paid app. With thousands of reviews and a 4.7 star rating, who would question it? Well, a few people did, the code was looked at, and Google pulled it from the store. They have even gone as far as to make amends with those […]
Posts Categorized: Android
The threat landscape today is very different from a few years ago. With an increasingly creative number of threat vectors through which to launch an attack, it has never been more challenging to secure our data and devices in all the ways we connect. In today’s hyper-dynamic landscape, well over 8 million malware variants are discovered each month. The majority are financially motivated, very low in volume and very sophisticated. On the mobile front, cybercriminals have shown a clear focus on compromising devices made evident by an explosion in the discovery of malicious mobile apps and websites. Also on the […]
In the marketing world, it’s widely known sex sells. This is so true the “adult” industry is a multi-billion dollar industry. This is also why malware authors have long used adult content to attract unwitting victims. Lately, this threat researcher has seen way too much of it. There has been an influx of Trojan-like APKs using adult content to trick users into sending premium SMS messages. Let’s take a deeper look at one of these apps. When you open the app it displays a page showing “GET IT NOW” in the middle, and “NEXT” at the lower right corner. If […]
It’s that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what’s to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration in an attempt to occupy […]
The most recent and interesting threats we see are more or less “evolved” forms of previous threats, including those originating from the PC side. People have been “spoofing” parts of apps, such as code, appearance, or digital certificates, since Android malware first started appearing. The MasterKey exploit was a whole new way to modify the app without even having to spoof anything (since this was the exploit which allowed applications to be changed without invalidating the existing digital signature). It’s also very interesting to see how threats like Zitmo or RAT-type apps seem to get better and better at mirroring […]
We’ve just intercepted a currently active malicious campaign, relying on redirectors placed at compromised/hacked legitimate Web sites, for the purpose of hijacking the legitimate traffic and directly exposing it to multi mobile OS based malicious/fraudulent content. In this particular case, a bogus “Browser Update“, which in reality is a premium rate SMS malware.
Thanks to the growing adoption of mobile banking, in combination with the utilization of mobile devices to conduct financial transactions, opportunistic cybercriminals are quickly capitalizing on this emerging market segment. Made evident by the release of Android/BlackBerry compatible mobile malware bots. This site is empowering potential cybercriminals with the necessary ‘know-how’ when it comes to ‘cashing out’ compromised accounts of E-banking victims who have opted-in to receive SMS notifications/phone verification, whenever a particular set of financial events take place on their bank accounts. A new commercially available Android, BlackBerry (work in progress) — supporting mobile malware bot is being pitched by […]
Back in June, 2013, we offered a peek inside a DIY Android .apk decompiler/injector that was not only capable of ‘binding’ malicious Android malware to virtually any legitimate app, but also, was developed to work exclusively with a publicly obtainable Android-based trojan horse. In this post, I’ll profile a similar, recently released cybercrime-friendly Windows-based tool that’s capable of generating malicious ‘sensitive information stealing’ Android .apk apps, emphasize on its core features, and most importantly, discuss in depth the implications this type of tool could have on the overall state of the Android malware market. More details:
By Nathan Collier Last Friday we blogged about the radical Android OS bug 8219321, better known as the “Master Key” bug, which was reported by Bluebox Security. Check out last weeks blog if you haven’t already: “The implications are huge!” – The Master Key Bug. We mentioned how we have been diligently working on protecting those not yet covered by patches or updates, and finding a solution for older devices as well. We are happy to report we have the solution! The newest version of Webroot SecureAnywhere Mobile with a patch for the “Master Key” bug can be found on the […]
By Nathan Collier and Cameron Palan Last week, Bluebox Security reported they’d found a new flaw with the Android OS, saying “The implications are huge!”. The bug, also known as the “Master Key” bug or “bug 8219321”, can be exploited as a way to modify Android application files, specifically the code within them, without breaking the cryptographic signature. We call these signatures the “digital certificate”, and they are used to verify the app’s integrity. Since the bug is able to modify an application and still have the certificate appear valid, it is a big deal.