Android.Sumzand, currently one of the most active malware programs in Japan, has recently transformed itself into the “Sun Charger” app. Advertised through spam, this series of variants pretending to be apps that allow mobile devices to be charged by holding the display towards the sun has been quite successful in stealing contact details from a large number of users. As the scammers collect large volumes of data stored on the device, they send more spam advertising the fake apps to the email addresses that they have acquired. The number of recipients of the spam is increasing exponentially as each day passes by.
Because this particular spam campaign has become so huge, it is a heavily discussed topic on Internet forums and social-networking sites. Some users question if anyone would even fall for the trick, whilst others who have never received spam in the past are confused why they are suddenly receiving spam. A small portion of users criticize the app because it did not work as advertised; however, as far as the scammer is concerned, the app performed its job perfectly, i.e. it has managed to steal personal data in the background.
To combat its notoriety, the scammers are regularly changing the apps in an attempt to keep a low profile. “Sun Charger” is the fourth variant that we have seen since we confirmed its existence in early August. But the scammers have been lazy at making the changes; either that or they are just too busy and lack the time and resources to make a major facelift. It is also possible that they were not aware of the sheer scale of the operation when they commenced their venture.
The content of the emails spammed out have been pretty identical among the variants except for the name of the app and the URL included to download it. The email addresses of the sender are consistently being modified, but all seem to be coming from the ezweb.ne.jp domain. The latest example can be seen below:
The home pages hosting the apps are also almost the exact same with the exception of the original version.
Though the icons of the apps are very different, the apps themselves are identical to each other-except for the URLs included in the code to upload the contact details to and, of course, the name of the apps. Once opened, all four apps display the solar screen, which appears to be charging for a second, but pops up a message stating that the app is incompatible with the device. Note that there is a popular joke app called “Solar Charger” that looks and functions almost the same as the four apps. The scammers most likely stole the idea and images from this app to create their fraudulent apps.
Interestingly, the scammers do not appear to be too concerned about evading detection, at least against Symantec products. We proactively detected this fraudulent Sun Charger app.
Although the group of scammers continues to make changes, it is basically just modifying the name of the app as well as the icon. Sites hosting the app are also different. But other than that, they are identical. Users should watch out for any emails from unknown senders especially those that advertise apps. They should be cautious even though they may recognize the domain if they are not familiar with the sender. They should also be aware that tactics can change at any time. A variant of Android.Sumzand not discussed in this blog is a fake app to view a free video of Erika Sawajiri, a Japanese actress. Content of the email used to advertise this app is very different from the four apps discussed above. There are currently other active scams similar to this one that users should be wary of. To combat the variety of malicious apps out there, it is advised that users install security software such as Symantec Mobile Security and Norton Mobile Security.
Leave a reply