Android App, make sure it isn’t a malware you download!

android_malware

Since the last year there has been a serious increase in the number of Fraud Android apps over the internet and the story is just adding in more headlines over the current year. A week ago Symantec revealed that they had come across a piece of malware called Android.Exprespam, designed to collect personal data from the devices it infected. Until recently, malwares had their sources rooted in secondary devices, websites and e-mails but now after the Android market began piping hot, it found the attention of the malware developers.

Symantec write in their official blog;

In October 2012, the Tokyo Metropolitan Police arrested a group of five individuals for their involvement in developing and distributing Android malware that collected personal data, but that did not deter at least one group of scammers from doing the same as they continued to lure Android device owners to their malware. The Tokyo District Public Prosecutors Office then dismissed the case in December last year because it was unable to find enough evidence to prove that the five suspects were committing a crime. The dismissal has now led to the creation of yet another Android malware targeting Japanese Android device owners.

Earlier another Android malware called the  Android.Enesoluty, which still persists was found. Spam emails with link to a fake Google Play was forwarded which are hosted on a server located in Washington State in the United States. After the news about the fake pages started spreading, the scammers just built another one called Android Express’s Play.

Symantec has given out a list of about 9 fake apps, these apps are all the same in the way it works, i.e to steal your private data, but each of the apps are named relative to some high-demand apps, so that more victims would fall into the trap…

                                           So, you better have a thorough check on the download source.

As for the protection measures Google are using:

Bouncer : conducts automated scans on the apps uploaded to Google Play, where they are loaded into a software emulator using Google’s cloud infrastructure, the app feels as if running on an Android device, while in reality it is running inside a program that behaves like an Android device. The app is allowed to perform its function for sometime while Google watches on it, and if nothing suspicious is given a pass.

Another one  is the JellyBean 4.2’s app verification, which verifies app from any source while the device has Google Plat installed. If the verification fails, the app is considered dangerous and blocked.

While all the protections persist, the final security revolves around how careful you are, its better to keep out of anything suspicious, keep your OS updated, immediately close those app downloads which request permissions, and you may use antivirus from trusted vendors. Instead of blindly accepting all that shows up on the screen while installing or downloading, make it a habit to read it carefully, if you wish not to fall in any pit…

The table below is from the Symantec blog with the names of the apps, if any of these apps get installed, it sends or all the personal information in the device to a remote server.  The fake apps usually seeks permission to read the phone’s state etc while the legitimate ones generally wont.

Table

Advertisements

2 responses to “Android App, make sure it isn’t a malware you download!

  1. This is very inspiring, as getting from the start & Having no real background in programming (aside from making some adventures on ZX-81 and MSX), this does sound like I could get started on developing something for my own Android based eBook reader and android app development training even this online course seems to be interesting http://www.wiziq.com/course/13599-professional-android-app-development-training-1-on-1-sessions. Has anyone tried any online courses so far. Please do provide a light on this also.

    Thankyou for all the info also.

  2. hey sumit sorry for the late reply…
    About the online courses I will try to gather more info on it and will laet u know, thanx for reading and for your valuable comment…

What's in your mind...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s