Android malware spreads via Facebook [VIDEO]



If you're using Facebook on your Android smartphone, you should be just as careful clicking on links as you would (hopefully) be on a desktop computer.
A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become "friends" or not.
As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.




The malware package was called any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services.
Anyname malicious file
Alarm bells definitely rang when I noticed the app was using a class name which attempted to associate it with the legitimate Opera browser app:
com.opera.install
An encrypted configuration file inside the package includes the dialling codes for all supported countries (for instance, the UK is in there) and the premium rate number and text of the SMS message which it intends to send.
Although the app makes a pretence of informing you what it plans to do when you first run the program, it is being pushy in the extreme by installing itself without your permission.
What's even more suspicious is that when I revisted the url on my Android smartphone a few days later, I was redirected to another website which downloaded a different app (allnew.apk) which had the same functionality as the earlier sample, but was non-identical on a binary level.
Clearly someone is busy creating new variants of this malware.
Sophos products detect the malicious app as Andr/Opfake-C.
Take care everyone.


nakedsecurity.sophos.com

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.