SCF Advanced Search



Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43467
  • Total Topics: 16558
  • Online today: 2834
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2086
Total: 2087









Author Topic: Unwanted Apps in Google Play Pose as Fake AV  (Read 4946 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Unwanted Apps in Google Play Pose as Fake AV
« on: 22. May 2012., 14:57:04 »

Unwanted Apps in Google Play Pose as Fake AV

In recent years one of the most prevalent malware threats for PCs (and lately Mac users) is fake-antivirus software, which pretends to be a legitimate security program. Its real purpose is to charge victims a fee to remove a nonexistent threat. The same threat has now been ported to mobile devices. In some cases we see the same or similar behavior: getting revenue from users via SMS messages to a premium-rate number or malware that poses as security software to encourage users to install a malicious app (such as Android/Zitmo.F).

Recently 17 suspicious applications, uploaded by the developer thasnimola, were found in the official Google Play market:


Larger Picture

Most of them use a shield as an icon to show that they could be related to “protection” software but some of them also use non-AV names and descriptions with popular keywords like “free,” “Video Downloader,” “Call recorder,” and “sms” to attract users’ attention and encourage the installation of the app. One interesting app is Top Free, which claims “Fast and lightweight malicious app protection for your phone.” Looking at this one further, it is clear that Top Free pretends to be AV software because it uses the screenshots of legitimate AV software as its own:


Larger Picture

Some of them also use an “Antivirus FREE” banner on the app’s web page:


Larger Picture

However, unlike fake-antivirus software threats for PCs and Macs, these applications do not gain revenue from users by detecting nonexistent Android malware. Instead, these apps make money using a more legitimate method: advertisements. All the suspicious apps were created using the same free online service used to create the Android/DIYDoS hack tool. For this reason the behavior is nearly same: When the application is executed, a WebView component shows the contents of a URL that is stored in an XML file inside the res/raw folder:


Larger Picture

One difference between these apps and Android/DIYDoS is that these include an advertisement module–provided by the online service–that creates the applications which send sensitive device information (IMEI, GPS coordinates) to a remote server:


Larger Picture

Here is the complete list of the unwanted applications that we reported to Google:

App Name                         Package                          Installs (Google Play)
love sms                           com.wDictionarye                    100-500
jokes                                com.wcopywap2                      100-500
video convertor                 com.whackmanmobisms           100-500
send free sms                   com.wPhotoscapeyy                 100-500
sms sender                       com.wcopywap6                      100-500
top free                            com.wcopywap4                       100-500
friendship sms                   com.wvideodown2                    100-500
hissam sms collections       com.wcall                                100-500
top free sms                     com.wcopywap5                       10-50
sms free                           com.wSpokenEnglisheee           10-50
free message sender          com.wcopywapphoto                10-50
shayaries                          com.wTabla                             1-5
sms                                  com.whissamsmscollections      1-5
sms collections                  com.wChromea                        1-5
free call recorder               com.wfreecallrecorder               N/A
youtube video downloader  com.wvideo9                            N/A
free sms                           com.whissamsmscollections2     N/A

All of these have already been removed from Google Play. If you have enabled  detection for potentially unwanted programs (PUPs, our default setting), then McAfee Mobile Security for Android will detect these apps as Android/DIYAds.


Orginal article: Thursday, May 10, 2012 at 11:47am by Carlos Castillo

Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

Unwanted Apps in Google Play Pose as Fake AV
« on: 22. May 2012., 14:57:04 »

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Unwanted Apps in Google Play Pose as Fake AV
« Reply #1 on: 12. February 2013., 10:31:38 »
Good warnings - also see: http://scforum.info/index.php/topic,7988.0.html

Karma...

Devvie


~~~ notemail@facebook.com ~~~

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info

Re: Unwanted Apps in Google Play Pose as Fake AV
« Reply #1 on: 12. February 2013., 10:31:38 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023