Symantec Finds New Ad Malware In Play Store

Symantec revealed three malicious Android apps that click on ads without their users’ knowledge or consent.

Two of the apps, Fast Charge 2017 and Fast Charger X3 Free, have been downloaded between 10,000 and 50,000 times in North America. (Google’s Play Store publicly releases only broad ranges.) The third, Clear Master Boost And Clean, has been downloaded between 5,000 and 10,000 times. All three use a variety of methods to prevent users from learning their real purpose or stopping them from earning their creators some more money.

Symantec said the apps “use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server” to evade detection and find targets. These features “are relatively common on their own, but have not been seen together,” the company said. Given the apps’ popularity, how difficult they are to stop, and their ability to receive new targets from central servers, they could earn their operators a pretty penny.

“Even on the Android platform, an app can appear to be many things to many different interfaces,” Symantec said. “These specific apps use one name on the home screen while hiding under a different process name. In one example we encountered, the app title was ‘Fast Charger’ on the home screen, while the process name according to the ‘Settings > Apps’ dialog appears as ‘android’. Once the app hides by deleting itself from the launcher, all that’s left is a process called ‘android’; an unlikely candidate for a user to force quit.”
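A defender-side check for the naming trick Symantec describes, as an added example that is not from Symantec or the original article: it parses `aapt dump badging` output and flags an app whose launcher label differs from its application label, or whose application label imitates a platform component. It assumes the mismatch is expressed through the manifest's labels; the sample outputs, package names and lookalike list are constructed.

```python
import re

# Labels that imitate platform components (constructed list; extend as needed).
SYSTEM_LOOKALIKES = {"android", "android system", "system", "settings"}
# Package names are chosen by the developer, so treat this exemption as a
# noise filter only and verify the signing certificate separately.
PLATFORM_PREFIXES = ("com.android.", "com.google.android.")

PACKAGE = re.compile(r"^package: name='([^']*)'", re.M)
APP_LABEL = re.compile(r"^application-label:'(.*)'$", re.M)
LAUNCHER = re.compile(r"^launchable-activity: name='([^']*)'\s+label='([^']*)'", re.M)

def audit_badging(text):
    """Return findings for the output of one `aapt dump badging <apk>` run."""
    pkg = PACKAGE.search(text)
    app = APP_LABEL.search(text)
    launcher = LAUNCHER.search(text)
    pkg_name = pkg.group(1) if pkg else ""
    app_label = app.group(1).strip() if app else ""
    # An empty activity label means the activity inherits the application label.
    launcher_label = launcher.group(2).strip() if launcher else ""

    findings = []
    if launcher_label and launcher_label.casefold() != app_label.casefold():
        findings.append("label-mismatch")
    is_platform = pkg_name == "android" or pkg_name.startswith(PLATFORM_PREFIXES)
    if app_label.casefold() in SYSTEM_LOOKALIKES and not is_platform:
        findings.append("system-lookalike-label")
    return findings

# Constructed sample: home-screen name differs from the Settings > Apps name.
SUSPICIOUS = """package: name='com.example.fastcharger' versionCode='1' versionName='1.0'
application-label:'android'
application: label='android' icon='res/mipmap/ic.png'
launchable-activity: name='com.example.fastcharger.Main'  label='Fast Charger' icon=''
"""

# Constructed sample: the launcher activity inherits the application label.
BENIGN = """package: name='com.example.notes' versionCode='7' versionName='2.1'
application-label:'Notes'
application: label='Notes' icon='res/mipmap/ic.png'
launchable-activity: name='com.example.notes.Main'  label='' icon=''
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_badging(sample))
```

A label mismatch alone is not proof of malice, since some legitimate apps name their launcher entry differently; the lookalike finding on a non-platform package is the stronger signal.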

Ad-focused schemes can be quite lucrative. White Ops revealed in December 2016 a system called Methbot that watches up to 300 million video ads each day to earn between $3 million and $5 million daily. These apps probably don’t have anywhere near as much reach, but they’re still an easy way for someone to make a buck. And, unlike other Android malware, these apps didn’t pose as a popular game or use a third-party marketplace to do it.

Symantec, as always, recommended some best practices for avoiding malware:

  • Keep your software up to date
  • Do not download apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data

Some of those, like paying attention to app permissions or frequently backing up mobile data, would be useful here. But it seems like things will only get harder for people who worry more about avoiding malicious apps in general than about responding to specific threats discovered by security companies.