Security Android

New Attack Uses Attackers' Own Ad Network To Deliver Android Malware

Trailrunner7 writes "The concept of malware riding shotgun with legitimate mobile apps is not a new one. There have been a slew of cases in which attackers have compromised apps in the Google Play store and inserted malware into the file. But a new attack uncovered by Palo Alto Networks is using a new technique that starts with the user installing an app on her Android phone. The app could be a legitimate one or a malicious one, but it will include some code that, once the app is installed, will reach out to an ad network. Many apps include such code for legitimate ad revenue purposes, but these apps are connecting to a malicious ad network. Once the connection is made, the app will then wait until the user is trying to install another app and will pop up an extra dialog box asking for permission to install some extra code. That code is where the bad things lie. The malicious code immediately gains control of the phone's SMS app for both command and control and in order to sign the victim up for some premium-rate SMS services. The attack is interesting, said Wade Williamson, a senior security analyst at Palo Alto, because the attackers can use a legitimate ad network that's already connected to a group of apps and then at any given time flip the switch and begin using it for malicious purposes."

  • by Anonymous Coward on Monday August 12, 2013 @06:18PM (#44546757)

    I avoid ads totally (especially malscripted ones) via hosts files:

    ---

    APK Hosts File Engine 9.0++ 32/64-bit:

    http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

    ---

    Yes, even on an android smartphone

    (Via ADB/Android Debugging Bridge & its PULL command, but use smaller optimized hosts there folks - not much room, shitty caching (sorry google, it's true)).

    As long as attacks = host-domain name based (most are, like 99%, especially via "immortal" fastflux + dynDNS malware the majority/prevalent type out there vs. IP addressed ones).

    Hosts files do more with less in a single file & at a faster privilege level (ring 0/rpl0/kernelmode) than redundant crippled by default browser addons (that slow up already slower ring 3/rpl 3/usermode browsers & are advertiser owned (Ghostery/Adblock "foxes guarding your henhouse")).

    "Less is more" = GOOD engineering via less complexity, room for breakdown, & less "moving parts"/variables in the equation.

    "The premise is, quite simple: Take something designed by nature & reprogram it to work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

    Since "They're not gonna stop..." - Dr. Robert Neville "I AM LEGEND" @ that film's near termination...

    APK

    P.S.=> Hosts work by acting as a filter for the IP stack itself (written in C language & starts with the OS + 1st request to the internet it is the 1st resolver queried as well, with over 45++ yrs. of optimization refinement put into it).

    Hosts also aid reliability vs. downed DNS & protect vs redirected DNS servers also securing you vs. known bad hosts-domains online http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 [slashdot.org] & . Hosts files give users of them good benefits in added speed, security, reliability & even added anonymity (to an extent), all enumerated in the link to my program above, in detail...apk
