Dec 30, 2012

Beware the fake Google Play store that’s actually malware

Malware on Android is nothing new. In fact, stories about this very subject can be found on most major news websites or tech blogs on an irregular basis, perhaps approaching once a month if not more. Usually the malware is easy to identify with the right amount of attentiveness: the wrong developer name, a low-quality icon or a badly written description on the download page is a dead giveaway. Even if you're foolish enough to download one of these, the app's failure to work, or its unexpected behaviour while running, should usually grab your attention. But what if the malware looks and acts like the official store where you buy the apps in the first place?

This is the latest threat to Android users, discovered by the effective Russian security firm Doctor Web. Devices infected with the trojan, known as "Android.DDoS.1.origin", can be used for an array of malicious purposes, including spamming text messages and even DDoS attacks. Once installed, the app creates an icon that is an exact replica of the Google Play Store. Clicking it will still send you to the Store, but it also activates the trojan, which runs silently in the background. The trojan will immediately try to connect to its Command and Control (C&C) server and, if it succeeds, the server operators are sent the victim's phone number. From here, the trojan can receive texts from its operators telling it what to do next; these texts are intercepted so the phone isn't aware of their receipt. The instructions can include a request to start DDoSing, at which point the malware will spam a given target with quick bursts of data from the infected phone.

The DDoS attacks present a threat to the infected phone's user, who will find the data limits on their calling plans quickly used up by criminal activity they know nothing about. If enough phones attack the same location, it can also be bad for the receiving site, which may fail temporarily due to the sudden surge of traffic. Be careful out there!
