20 January 2012

Fake Angry Birds Game spreading Malware from Android Market



Since last week, premium-rate SMS Trojans have surfaced in the Android Market. Google has pulled 22 apps that were masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner's permissions and access private data stored on their smartphone.


If someone searched for “Cut the rope free”, this malicious application appeared in fourth place in the search results. Apps published by the developer Miriada Production may look like well-known Android games (Angry Birds, Need for Speed, World of Goo and others), and users could easily be confused.

The fake apps include:
·         Cut the Rope
·         Need for Speed
·         Assassins Creed
·         Where's My Water?
·         Riptide GP
·         Great Little War Game
·         World of Goo
·         Angry Birds
·         Shoot The Birds
·         Talking Tom Cat 2
·         Bag It
·         Talking Larry the Bird
These apps have been pulled from the Android Market.

The fraudulent apps would install a premium rate SMS Trojan that not only automatically sends costly SMS messages, but also prevents users' carriers from notifying them of the new charges. According to Lookout Mobile Security, the new threat called RuFraud has been found in an initial batch of apps on the Android Market that include horoscope apps, wallpapers, and game apps that pretend to be legitimate games like Angry Birds.

What happens if these threats are installed on your mobile device?
Once installed, the malware:
·         Attempts to send text messages containing the string “798657” to premium-rate numbers through the infected device’s current default SMS Center (SMSC), abusing the SMS-sending permission (android.permission.SEND_SMS).
·         Is capable of sending an affected user’s GPS location via HTTP POST.
·         Opens several ports and connects to specific URLs to receive and execute commands from a remote user.
·         Gathers information such as the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected systems and sends it to a specific site.
·         Secretly forwards all incoming text messages to a remote user.
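As an added example (not from the original article, Lookout or Trend Micro), the behaviours listed above can be mapped to the permissions an app has to declare and checked against a decoded AndroidManifest.xml. Only android.permission.SEND_SMS is named in the article; the other permission names, the function names and the sample manifest are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Behaviour from the article -> permission the app must declare (assumed mapping).
BEHAVIOUR_PERMS = {
    "send premium-rate SMS": "android.permission.SEND_SMS",
    "intercept/forward incoming SMS": "android.permission.RECEIVE_SMS",
    "read GPS location": "android.permission.ACCESS_FINE_LOCATION",
    "read IMEI/IMSI": "android.permission.READ_PHONE_STATE",
    "contact remote server": "android.permission.INTERNET",
}

def triage_manifest(manifest_xml):
    """Return (behaviours the declared permissions allow, receivers hooked on incoming SMS)."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    behaviours = [b for b, p in BEHAVIOUR_PERMS.items() if p in declared]
    sms_receivers = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED in actions:
            sms_receivers.append(receiver.get(ANDROID + "name"))
    return behaviours, sms_receivers

def is_suspicious_game(manifest_xml):
    """A game has no reason to send SMS; also report whether it listens for incoming SMS."""
    behaviours, sms_receivers = triage_manifest(manifest_xml)
    return "send premium-rate SMS" in behaviours, bool(sms_receivers)

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE), is_suspicious_game(SAMPLE))
```

The same permission list is what the install prompt shows the user, so a game that asks to send or receive SMS can be rejected before it is installed.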
How do users get these threats?
Trend Micro has reported several incidents wherein malware came disguised as Android apps. Samples of Android malware found in the wild include:
·         ANDROIDOS_DROIDSMS.A: Came disguised as Windows Media Player.
·         ANDROIDOS_DROISNAKE.A: Came in the form of a game known as Tap Snake.
·         ANDROIDOS_GEINIMI.A: Came in the form of Trojanized apps hosted in certain third-party app stores in China.
·         ANDROIDOS_ADRD.A: Comes in the form of a Trojanized wallpaper app.
·         ANDROIDOS_LOTOOR.A: Trend Micro’s detection for Trojanized versions of legitimate apps like “Falling Down”.
·         ANDROIDOS_BGSERV.A: Trojanized version of Android Market Security Tool, which was released to address the modifications done by ANDROIDOS_LOTOOR.A.

Trend Micro suggests: "Users can also check the developer’s profile for other apps. Google also offers developer ratings, as well as the status 'Editor’s Choice' that can further validate the developer’s legitimacy. It is also a good practice to check app ratings and user feedback for more verification. The user rating and feedback feature gives people a more accurate view of the experiences users have when using or installing the app. You can find it just below the app icon."
If you’ve downloaded any of these apps, remove them immediately.

Stay Safe..
Hv gr8 day!

ABOUT THE AUTHOR
AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer.