Attackers Launch Fake App Store

Monday, July 23, 2012 @ 01:07 PM gHale

If a person feels they have a great product, but they just can’t seem to break in and find a home for it, then sometimes they have to go out and create their own business.

The same is true for hackers. If they can’t get their mobile apps into a legitimate store, they create their own app store to help spread their malicious product.


Whether that scenario is true or not is still under investigation, but there is one third-party app market offering free apps that are all Trojans.

Microsoft is calling the underlying Trojan Android app SMSFakeSky, and said the focus is to target Russian-speaking users. “It poses as a legitimate application, so when you try to install the Trojan, it may ask you for permissions to run,” according to Microsoft’s malware analysis.

The app will request permission to read a user’s sent and received SMS and MMS messages, to see the user’s location, to have full Internet access, to modify and delete the contents of removable storage, and to gather all information related to phone calls. The app also typically requests permission to download further required software, such as Adobe Flash Player, although even this installation will be just another version of the Trojan app in disguise.

Android permission requests should give Android users pause, prompting them to ask: “Is the app that wants full Internet access legitimate, or really malware?” But if attackers can trick a user via a social-engineering attack into downloading a “Skype” app that they think is real, then it’s likely that they’ll grant the malicious app whatever permissions it requests. In addition, the number of different permissions requested is no giveaway, given the “excessive permissions” requested by legitimate Android apps.

Once the disguised SMSFakeSky receives those permissions, it executes. “When it runs, the Trojan displays a fake progress bar, so as to appear as though it is downloading an app to your mobile device,” Microsoft said. “It then displays a URL to a supposed statement of agreement, but you cannot access this link. When you click the ‘Agree’ button, the Trojan will send multiple SMS messages to premium numbers at your expense.”

The malware’s use of prompts helps hide what it’s really doing. “The deception behind the UI [user interface] controls is difficult for users to detect. It is likely that the malicious activity would cause mobile charges before the victim notices it, and this creates a large incentive for cyber criminals to continue perpetrating this fraud,” said a blog post from Methusela Cebrian Ferrer at the Microsoft Malware Protection Center.
