Android Malware Attacks

Android Malware Attacks

Android malware can allow cyber criminals to intercept messages, monitor calls, steal personal information, and even listen in with the device’s microphone. Its able to infiltrate user devices in many ways, adult apps are one such path to infection. There are various adult-themed apps that are infecting users with malware; neither app, however, is hosted on the official Google Play Android app store.

There are usually three types of Smartphone malware:

1. Ransomware:

Ransomware is a type of malware that encrypts your files and demands a ransom to be paid off to re-gain access back to your files. An example of ransomware is an app called Simplocker. Simplocker is a Trojan that disguises itself as an app suitable for adults only. This ransomware was discovered by security researchers at ESET in Russian forums.

2. Sextortion malware:

Sextortion is an online blackmail where the victim is persuaded into performing sexual acts that are secretly recorded. The attacker then threatens to upload the video and send it to their friends or relatives if the victim doesn’t give in to their demands. These attacks are common in Asian countries.

3. Android power off hijack:

Android Power Off Hijack discovered by AVG, is a type of malware that hijacks the process responsible for shutting down your smartphone, so that it appears to be off when in fact it’s functioning. It even plays the shutdown animation to convince you that it’s really turning off. What this power off hijack does is it secretly takes pictures, makes calls, and sends messages while you think that your phone is turned off.

In one case, a Chinese SMS Trojan is hidden inside of a Chinese language adult app. Once a user installs the app, random adult sites are shown to the user in the foreground, while in the background, the app sends the user’s information via SMS to the attackers. The malware is able to get access to the user’s information, due in part to the fact that the app is granted permission by the user when installed. “It is always highly recommended for mobile users to understand the permissions,”.

“This usually means that lot of mobile users ignore the permissions page while installing the apps,” The other adult app containing malware that attempts to scare victims with a fake security notice (Ransomware Attack).

Victims

A user installed the app, the user’s screen showed a fake warning from Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) claiming the device was found to be visiting sites containing forbidden sexually explicit content. The malware had stolen the user’s information, including email inbox messages, and send them to a remote command and control (C&C) server. This was a SMS Info stealer attack. “The command and control server for the SMS Trojan app is located in Hong Kong, whereas the command and control server for SMS Info stealer app is located in United States,”. Of particular note for both SMS Trojan and Info stealer is that common mobile antivirus technologies.

A fake BBM app recently appeared in the Google Play store and managed to secure more than 100,000 downloads before being removed. The app itself was nothing more than a spamming service.

About 10,000 devices were infected as of February 18th 2015 with this malware. However, this type of malware only affects Android versions under 5.0, requires root access and has been found only on apps outside of Google Play Store.

To stay safe, don’t download apps from Chinese app stores or any unknown app stores. Always download your apps from Google Play Store.