Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Android
Showing posts in English
Japanese One-Click Fraud on Google Play Leads to Data Stealing App
Joji Hamada | 16 May 2013 10:07:30 GMT | 0 comments

Since the beginning of the year, a Japanese one-click fraud campaign has continued to wreak havoc on Google Play. The scammers have published approximately 700 apps in total since the end of January. The apps are published on a daily basis and the scammers have invested around US$4,000 in order to pay the US$25 developer fee to publish apps on Google Play.

fig1.png

Figure 1. Total number of developers and apps developed

Dealing with the fraudulent apps has really become a game of cat and mouse. Once the apps are removed from Google Play, the scammers simply publish more under new developer accounts. These are again removed shortly afterwards, but the scammers simply continue to publish more. Most of the apps are removed on the date of publication,...

Read more
Android.Uracto Used to Trick Mothers, Anime Fans, Gamers, and More
Joji Hamada | 18 Mar 2013 16:45:32 GMT | 0 comments

Earlier today, we blogged about Android.Uracto, a malicious app that sends spam SMS messages in an attempt to infect others or scam users into paying a fee for a non-existing service. We continued doing further investigation on the attack and this has led us to discover more apps prepared by the same group of scammers. So far we have been able to find a total of 10 apps hosted on a few dedicated domains believed to be maintained by the group. The servers hosting the domains appear to be located in Singapore and in Georgia in the United States. They are currently still live at the time of this writing.
 

Figure 1....

Read more
Android Malware Spams Victim’s Contacts
Joji Hamada | 18 Mar 2013 10:59:34 GMT | 0 comments

SMS messages attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes are circulating in Japan. This type of spam is usually sent by the malware authors themselves, but in this case the authors have developed an app to send the spam messages by SMS to phone numbers stored in the device’s Contacts. This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender. If a friend is recommending an app, why would you not at least try it out, right?

Figure 1. SMS message sent from a person whose device is compromised

The site where the link takes the user to introduces an app called Infrared X-Ray that supposedly allows the...

Read more
Android.Enesoluty Adds a User Agreement
Joji Hamada | 10 Dec 2012 18:56:23 GMT | 0 comments

Recently, I wrote a blog describing the current status of Android malware thriving in Japan and much of the focus was on one particular family: Android.Enesoluty. I don’t know whether the authors of Android.Enesoluty read the blog or came across a news article discussing the content of it, but a few days later the app sites distributing the malware contained a user agreement. This was most likely done in an attempt to make the apps legal and ultimately avoid an arrest and prosecution as the Japanese authorities increase their pursuit of Android malware creators.

Until recently, the app pages hosting Android.Enesoluty only contained false descriptions of the apps, fake download counts, fake reviews, and links that download the apps. They did not have anything with regard to a user...

Read more
Millions Download SMS Spoofing Code Found on Google Play
Mario Ballano | 05 Nov 2012 19:52:59 GMT | 0 comments

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August, 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...

Read more
Loozfon Malware Targets Female Android Users
Joji Hamada | 23 Aug 2012 23:18:38 GMT | 0 comments

When it comes to targeting the sexes, generally malware has targeted men by enticing them to view videos or pictures of sexual content—Android malware is no different. For instance, Android.Oneclickfraud attempts to coerce a user into paying for a pornographic service and certain Android.Opfake variants are designed to allow users to view adult videos, but secretly send SMS texts to premium-rate numbers in the background. Recently, however, Symantec discovered Android.Loozfon, a rare example of malware that targets female Android users.

A group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make...

Read more
New Android Malware Spotted on Third Party App Markets
Flora Liu | 09 Aug 2012 11:17:41 GMT | 0 comments

A new Android malware has been found on third party Android markets. Symantec has identified 18 apps that have been Trojanized with the threat and added detection as Android.Vdloader.
 


Figure 1. List of malicious apps identified
 

A 3D waterfall wallpaper may be displayed after the threat is installed.
 


Figure 2. 3D Waterfall wallpaper displayed after installation
 

The threat...

Read more
What Do Battery Saver, Reception Improver, and Japanese Actress Video Apps Have in Common?
Joji Hamada | 08 Aug 2012 22:53:50 GMT | 0 comments

Back in April, Android.Dougalek (a.k.a. "the Movie" malware) made national headlines in Japan when a large group of malicious apps was discovered that steal users' contacts data. Obviously scammers were listening to the news as well. The idea of stealing information using Android apps caught on like a brush fire and, since this discovery of the "Movie" malware, Symantec has come across a handful of copy-cat apps using the same payload. They include malware such as Android.Uranico, Android.Ackposts, and...

Read more
Android.Oneclickfraud Sister Scams Continue to Have Success
Joji Hamada | 24 Jul 2012 18:13:09 GMT | 0 comments

As it has been a little over a month since I blogged about the arrest of the Android.Oneclickfraud gang and how the sister apps were still alive. I wanted to take some time to give you an update on the recent activities involving the two sister apps. Unfortunately, the two sites hosting the apps are still healthy and active. The gangs maintaining the sites reacted quickly to the publication of the blog last month by fixing the security issues on the websites, although some holes still remain. Interestingly, one site is more secure than the other, which leads me to believe that separate administrators are maintaining the sites. In fact, the sites may well be operated by two different groups.

The groups also appear to have been scrambling to update their sites in various ways, possibly to avoid prosecution, as there have been a number of notable activities taking...

Read more
Miracle Battery-Saver App Harvests Email Addresses for Spamming
Joji Hamada | 23 Jul 2012 22:19:40 GMT | 0 comments

An issue that many smartphone users have with their phones is that their device battery just does not last long enough; it needs to be recharged. While the battery may last a whole day for some, power users who use their phone more often have to come up with various tricks to get their battery to last a full day. There are many ways to reduce battery use and, of course, there are many apps to help maximize battery performance. These do help—but for many it does not solve the issue.

So what if, one day, you find out about a special app that can reduce battery use by half? Exactly. This is the strategy being used to deceive innocent Android users into installing an app that is supposed to reduce battery use, but in reality does nothing but steal the user's contacts data stored on the device.

Recently, Japanese spam email has been circulating attempting to lure users into clicking on a link which downloads and installs a malicious app. The app can exfiltrate...

Read more