[FSec] Google Play Fails to Remove All Super Mario Malware

Malware has once again been found on Google Play, according to this post by Symantec's @Irfan_Asrar.

Android.Dropdialer poses as a "Wallpaper" app but it also happens to install an additional app which then sends a premium rate SMS. Asrar analyzed two versions found on Play that used video games as bait.

Good news: Android Security removed the apps identified by Asrar.

Bad news: there are more malware apps currently on Google Play.

When something works once, bad guys will try it again.

With that in mind we used Google Search and we found more examples (in less than 10 seconds).

[Image: GooglePlaySearch.png]


Here's another version of the "Super Mario Bros." app:



GTA 3: Las Vegas (Asrar located a Moscow City version):

[Image: VahtangMaliev_GTA3LasVegas.png]


Instagram After Effects:

[Image: VahtangMaliev_Instagram.png]


FIFA 11 Russian Edition:

[Image: VahtangMaliev_FIFA11.png]


Odnoklassniki Life:

[Image: VahtangMaliev_Odnoklassniki.png]


Here's something clever…

Premium rate SMS numbers only work within a particular country. So, this malware is "incompatible" outside of profitable networks.

[Image: appisincompatible.png]


This limits the malware to its target group, as well as making it more difficult for antivirus researchers to collect samples.

Kudos to Asrar for identifying the threat. Better luck next time to "Android Security".
On 11/07/12 At 11:43 AM
