The Latest in IT Security

Unlock Your Phone’s Hidden Features!… Not.


Yesterday, we stumbled across this ad from an Android-related site:

android_malicious_website (65k image)

Clicking this led to a malicious Android Market:

android_malicious_website_2 (106k image)

Samples found here are detected as Trojan:Android/FakeNotify.A.

As usual, other malicious sites are hosted on the same IP address as the malicious Android Market. One site that came to our attention claimed to unlock hidden features of the phone. This same site was also found to be promoted in Russian forums.

When visited, the site presents itself as a “Phone Optimizer”:

phone_optimizer_text (160k image)

The text above mentions that mobile phone manufacturers are known to hide phone functionalities in order to earn money. The idea is that the manufacturers would then earn money through an OS update that unlocks the hidden features. This site claims to check your phone for such hidden features and unlock them.

Here’s an example of the scan result, and its English translation:

phone_optimizer_scan (145k image) phone_optimizer_scan_translation (44k image)

The phone model was correctly identified by checking the browser's User-Agent string. The download link leads to a malicious file that sends premium-rate SMS messages to a number selected according to the country the phone is in.

The malicious page does not target only Android devices. When accessed from an Android phone, it serves a file called optimizer.apk; otherwise, it serves the file optimizer.jar.

We detect this malware as Trojan:Android/FakeNotify.A (the APK), and Trojan:Java/FakeNotify.C (the JAR).
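The User-Agent-dependent delivery described above leaves a recognizable pattern in web proxy logs: one host handing the same-named payload out as an APK to Android browsers and as a JAR to everything else. The following Python is an added example, not code from the original post; the log record layout, host names and User-Agent strings are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample proxy log records: (host, requested path, User-Agent).
# Host names and UA strings are made up for illustration.
SAMPLE_LOG = [
    ("optimizer.example", "/download/optimizer.apk",
     "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; GT-I9100 Build/GINGERBREAD) AppleWebKit/533.1"),
    ("optimizer.example", "/download/optimizer.jar",
     "Nokia6300/2.0 (05.50) Profile/MIDP-2.0 Configuration/CLDC-1.1"),
    ("apps.example", "/files/game.apk",
     "Mozilla/5.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRF91) AppleWebKit/533.1"),
    ("lib.example", "/pkg/tool.jar", "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/9.0"),
]

PAYLOAD = re.compile(r"/([^/]+)\.(apk|jar)$", re.IGNORECASE)
ANDROID_MODEL = re.compile(r"Android [\d.]+;(?: [a-z]{2}-[a-z]{2};)? ([^;)]+?) Build/", re.I)


def device_from_ua(ua):
    """Return the model an Android browser advertises in its User-Agent, or None.

    This is all a web page needs in order to display a "correct" phone model.
    """
    m = ANDROID_MODEL.search(ua)
    return m.group(1) if m else None


def find_ua_switched_hosts(records):
    """Flag (host, name) pairs served as <name>.apk to Android UAs and <name>.jar to others."""
    seen = defaultdict(lambda: {"apk": set(), "jar": set()})
    for host, path, ua in records:
        m = PAYLOAD.search(path)
        if not m:
            continue
        name, ext = m.group(1).lower(), m.group(2).lower()
        is_android = "android" in ua.lower()
        # Count only the pairing the post describes: APK -> Android, JAR -> everything else.
        if (ext == "apk") == is_android:
            seen[(host, name)][ext].add(ua)
    return sorted(key for key, hits in seen.items() if hits["apk"] and hits["jar"])


if __name__ == "__main__":
    for host, name in find_ua_switched_hosts(SAMPLE_LOG):
        print(f"review {host}: '{name}' served as both .apk and .jar depending on User-Agent")
```

A hit is a lead for review rather than a verdict, since legitimate sites may also publish both package types under one name.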

Our Browsing Protection for Mobile is able to block the malicious links identified in this blogpost:

bp_block (135k image)

Incidentally, for our readers: If you guys come upon suspicious mobile samples, please feel free to send them to us for analysis at: [email protected].

– Post by Raulf and Karmina (also, thanks to Dima for his Russian contribution and English translation)
