Symantec is warning of new malware masquerading as two apps on Google
Play that claimed up to 100,000 victims before the Trojan was removed.
Both "Super Mario Bros." and "GTA 3 Moscow City" racked up 50,000 to 100,000 downloads after being posted June 24 on Google Play.
"What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered," Irfan Asrar wrote in a blog post. "Our suspicion is that this was probably due to the remote payload employed by this Trojan."
Asrar last year wrote about this evasion-driven technique, in which the payload is broken into separate modules that are delivered independently, making it easier to hide and to inject into other apps. In the case of this malware, called Android.Dropdialer, only the first stage was posted on Google Play. Once installed, it downloaded an additional package, called Activator.apk, via Dropbox. That second stage sends SMS messages to a premium-rate number tied to Eastern Europe.
"An interesting feature of the secondary payload is that it prompts to uninstall itself after sending out the premium SMS messages—an obvious attempt at hiding the true intent of the malicious app," Asrar said.
The security researcher noted that Android Security immediately revoked the threat once it was notified.
Courtesy of Anne Saita @Threatpost