Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3080
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3073
Total: 3075









Author Topic: Aggressive Ad Module Scans Android Apps  (Read 3971 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Aggressive Ad Module Scans Android Apps
« on: 13. September 2013., 13:15:10 »
Aggressive Ad Module Scans Android Apps

During our routine patrols of popular marketplaces offering Android applications we recently came across some suspicious applications hosted on the popular Google Play. The applications are distributed as hacking tools, utility tools, and pornographic apps by different developers. Here are images for a few of them:



("click the images to make them larger")




Suspicious applications on Google Play.

These apps seem to offer no functionality based on their titles, stating “increase Internet speed” and “phone hacking,” for example.

Once installed by the victim, the apps appear to work at first but in fact they simply display screens with interactions that are all fake, using hard-coded or random values generated by the code to seem legitimate. In short, these apps are fake or joke applications.



These fake apps appear to be working on the surface.



Hard-coded PIN in the code.

These apps also bundle several components that relentlessly show advertisements after the user closes the app. In our research, one of the ad modules has an online scanning function, which checks installed apps on the device without the user notification and aggressively displays a purchase screen.



Executed online scan function.

We also confirmed the ad module attempts to download the alleged antimalware application Armor for Android from a remote server.



The “antimalware” application downloaded from a remote server.

As always, users should never install unknown or untrusted software. This is especially true for illegal software, such as cracked applications. They are a favorite vector for malware infection. McAfee Mobile Security detects these suspicious fake apps as Android/FakeBapp.C.


Original article: Monday, September 9, 2013 at 11:07am by Yukihiro Okutomi
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

Aggressive Ad Module Scans Android Apps
« on: 13. September 2013., 13:15:10 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Aggressive Ad Module Scans Android Apps
« Reply #1 on: 14. September 2013., 10:40:44 »
I really do not understand why someone would install (consciously) fake App?  ???

Thanks P.  :up:

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Aggressive Ad Module Scans Android Apps
« Reply #2 on: 14. September 2013., 13:06:24 »
Well... I'm afraid I recognize some of the programs from my early android days last year... They do not always advertise "fake" app. And to be fair... I never even thought of checking that in the beginning. Because  WHY would someone... ;p

Sigh - gonna check the damages laters

:)

devnullius
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info

Re: Aggressive Ad Module Scans Android Apps
« Reply #2 on: 14. September 2013., 13:06:24 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023