Deceptive vendors of PUAs (Potentially Unwanted Applications) continue relying on a multitude of traffic acquisition tactics, which in combination with the ubiquitous for the market segment ‘visual social engineering‘, continue tricking tens of thousands of users into installing the privacy-violating applications. With the majority of PUA campaigns, utilizing legitimately looking Web sites, as well as deceptive EULAs (End User License Agreements), in 2014, the risk-forwarding practice for the actual privacy-violation, continues getting forwarded to the socially engineered end user. We’ve recently intercepted a rogue portfolio consisting of hundreds of thousands of blackhat SEO friendly, legitimate applications, successfully exposing users to the Sevas-S PUA, through a […]
Posts Tagged: rogue
By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it’s one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you’re forced to read their scam. Although they use various tactics and convincing GUIs to get onto your computer, they all share a common goal: To get your money.
By Joe McManus Last week Adobe announced that they would no longer be supporting Flash for Android. Adobe will be removing Flash from the Android Marketplace and users should be wary of fake Flash apps for their Android Devices. Now to be fair to Adobe, they are not taking flash away from the Android platform but are focusing on the Adobe AIR cross platform runtime environment http://www.adobe.com/products/air.html. The reason Adobe is switching to AIR is to allow app developers to write one program for use on iOS and Android devices. Let’s look at some of the fake Flash apps for […]
by Nathan Collier Recently we found new apps in alternative Chinese markets that we are considering a Potentially Unwanted Application (PUA). We are calling these apps Android.PUA.SMS.QuickPay. Lets look at a sample of this app. The sample we will look at is an app called “Screen Detection” which is an app that helps find dead pixels on your screen by displaying the colors red, green, blue, black, and white making it easy to see the dead pixel in contrast to these colors. Pretty simple app. Within a few seconds of opening the app this message pops up: “Activate the full […]
by Armando Orozco We’ve been tracking rogue premium-sms Android apps for sometime now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-sms Trojan of the ransom variety. Targeting Russian speakers these Rogue’s, we call Android.FakeInst, offer to give access to the app but for a fee.
Websites Hosting Android Trojans By Armando Orozco and Nathan Collier Rogue Android apps are making their way into alternative markets. Yes, we’ve seen some malicious apps trickle through and they can be elusive. But we’re now seeing markets that are only hosting malware. These rogues are of the premium rate SMS variety and request the user to send a bounty if they want the app. The interesting thing is that the websites they’re hosted on are very well put together and you can see that a great deal of time was put into creating them. The Websites These well-crafted […]
By Jeff Horne On December 11, 2009, users of Twitter submitted questions to Webroot’s Director of Threat Research, Jeff Horne, as part of a live Q&A session. Webroot’s Twitter followers asked questions about connecting safely to the Internet while traveling during the holidays. A variety of questions came in live, with some others through direct messages in advance, and one non-twitter user asked a question via Webroot’s Facebook page. The interview was tracked using the #webroot hashtag, which has been omitted from the tweets to make them easier to read. We’ve posted a transcript of the Q&A on the following […]
By Andrew Brandt and Brenden Vaughan As we’ve seen for the past several months, a celebrity ended up the top news story, which started a cascade of malware distributors racing to get their driveby pages to the top of search results. Today’s victim/subject is Roman Polanski, the renowned film director arrested on decades old charges of statutory rape. This kind of gossipy, tabloid headline is like candy for rogue antivirus distributors. We began our search the minute we found out the news, and yes, within about half an hour of the story breaking, the pages began appearing in the search […]
In the course of surfing around, looking for ways to get infected, I stumbled upon a site that offers visitors downloads of key generators, cracks, and other ways to circumvent the process used by most legitimate software companies to prevent people who didn’t pay for the software from registering or using it. And of course, I stumbled into a morass of malware. Well, “stumbled” isn’t entirely accurate. The site is well-known to us as a host of drive-by downloads — it’s a site that uses browser exploits to infect your computer. But I went there anyway just to see what […]