
Scam Proves Privacy Concerns on Mobile Devices

Created: 28 Mar 2012 02:31:21 GMT • Updated: 23 Jan 2014 18:16:29 GMT
Irfan Asrar

It was only a few weeks ago that concerns were raised about the lack of restrictions on photo access on the Android platform. That is, no permissions were required to read an image file, which could lead to privacy leaks when unwitting users install malicious apps. A new variant of Android.Oneclickfraud identified in the wild shows that these concerns should not be underestimated.

As previously described, this type of fraud is an extortion scam that uses pornography to lure users into downloading a smart phone app. Once installed, the app harvests personal information and then opens a Web page. This page displays a fake registration, containing the harvested personal information, and then demands payment. If payment is not received, the page threatens to track the user down using the information that has been collected. The attacker’s hope is that victims will pay up out of feelings of shame for clicking the link, given the pornographic nature of the material.


Figure 1. Outgoing traffic details

Previous versions of Android.Oneclickfraud were known to relay back a number of personal details. These include the device ID (a unique ID that identifies each Android device), GPS coordinates, the telephone number and the email accounts associated with the device. Such personal information gives the scammers the ability to create elaborate intimidation schemes.


Figure 2. Example of a victim reaching out for advice

The latest version of Android.Oneclickfraud takes these scare tactics one step further: it has the ability to upload images. It does this by taking advantage of the fact that the Android OS, by design, does not require apps to have any special permission to read images from a device. This, combined with additional permissions such as Internet access, allows images to be remotely transmitted.


Figure 3. Upload routine

It appears the site the images were being transmitted to is currently offline, but based on our previous experience with Android.Oneclickfraud, we speculate that the images would be used as a component in creating more elaborate extortion tactics. For your security, do not install applications that are not found on reputable locations.
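The permission gap described above can be made visible when reviewing an app before installation. The following is an added example, not code from the original post or from Symantec: it reads a decoded AndroidManifest.xml and reports what the app can read and whether it can send data off the device. The permission-to-data mapping, the function names and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Assumed mapping (not from the post): standard Android permissions that
# guard the data types the post says earlier variants relayed.
GUARDED_DATA = {
    "android.permission.READ_PHONE_STATE": "device ID / telephone number",
    "android.permission.ACCESS_FINE_LOCATION": "GPS coordinates",
    "android.permission.GET_ACCOUNTS": "accounts on the device",
}
# Per the post, reading images requires no permission at all.
UNGUARDED_DATA = "stored images"

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def exposure_report(manifest_xml):
    """Summarise what the app can read and whether it can send it off-device."""
    perms = requested_permissions(manifest_xml)
    readable = sorted(GUARDED_DATA[p] for p in perms if p in GUARDED_DATA)
    readable.append(UNGUARDED_DATA)  # never visible in the permission list
    can_send = INTERNET in perms
    return {"readable": readable, "can_send": can_send,
            "can_upload_images": can_send}

# Constructed sample manifests, not taken from any real app.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
INTERNET_ONLY = f"""<manifest {NS} package="com.example.viewer">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
MANY_PERMISSIONS = f"""<manifest {NS} package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
</manifest>"""
OFFLINE = f'<manifest {NS} package="com.example.notes"/>'

if __name__ == "__main__":
    for label, xml in [("internet only", INTERNET_ONLY),
                       ("many permissions", MANY_PERMISSIONS),
                       ("offline", OFFLINE)]:
        print(label, exposure_report(xml))
```

The internet-only manifest is the instructive case: its permission list looks harmless, yet under the behaviour the post describes it is already sufficient for image upload.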