Wednesday, March 13, 2013
Android.SmsSend Trojan spreads through advertising platform Airpush
Experts at the Dr.Web virus lab have periodically received complaints from users about supposed false positives from Dr.Web for Android on the file GooglePlay_install.apk, which it detects as the Trojan Android.SmsSend.315.origin. After studying the problem, the virus analysts confirmed that the detection is valid: the program is in fact a fake installer that charges for access to free applications by sending premium SMS messages to a short number. Nevertheless, such complaints kept coming in. The investigation that followed revealed one of the sources of the Trojan's spread: the advertising system Airpush.
As you know, many games and applications for Android are free, but in order to recoup the time and money spent on development, developers often use special systems that are built directly into the target program and show users various advertisements. One such system is the popular advertising platform Airpush. Typically it shows advertising in a specially designated area of the application, but some versions of this module can also display various dialog boxes, both while the program is in use and when it is not running at all. The content of the advertisements themselves can be absolutely anything, and this is what the attackers exploited when they decided to distribute the Trojan Android.SmsSend.315.origin.
Thus, a dialog box shown by the Airpush module may prompt the user to download some update for the Android OS, and a user unfamiliar with the workings of a mobile device can easily mistake it for an "official" message from the operating system. Clicking the button downloads a malicious package which, once installed and launched, walks through what looks like the installation of the required application, in this case Google Play. In fact, the Trojan only creates the appearance of an installation process and then displays a link to download the Google Play catalog, while simultaneously draining the user's mobile account.