The Latest in IT Security

Android malware spreads via Facebook [VIDEO]

24 Feb 2012

If you’re using Facebook on your Android smartphone, you should be just as careful clicking on links as you would (hopefully) be on a desktop computer.

A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become “friends” or not.

As the following video demonstrates, a link on the user’s Facebook profile redirected my browser to a webpage that installed malware directly onto my Android mobile phone – without any warning or request for authorisation.

(Enjoy this video? Check out more on the SophosLabs YouTube channel.)

The malware package was called any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services.


Alarm bells definitely rang when I noticed the app was using a class name which attempted to associate it with the legitimate Opera browser app:

com.opera.install

An encrypted configuration file inside the package includes the dialling codes for all supported countries (for instance, the UK is in there) and the premium rate number and text of the SMS message which it intends to send.

Although the app makes a pretence of informing you what it plans to do when you first run the program, it is being pushy in the extreme by installing itself without your permission.

What’s even more suspicious is that when I revisited the URL on my Android smartphone a few days later, I was redirected to another website which downloaded a different app (allnew.apk) which had the same functionality as the earlier sample, but was non-identical on a binary level.

Clearly someone is busy creating new variants of this malware.

Sophos products detect the malicious app as Andr/Opfake-C.

Take care everyone.
