Slashdot Mirror


New Android Malware Robs Bandwidth For Fake Searches

adeelarshad82 writes "We've been hearing about various Android malware spreading through the Chinese markets. Well, here's another one to look out for: meet ADRD (aka Trojan:Android/Adrd.A) which is expert in sucking your bandwidth. The malware downloads a list of search URLs and then performs those searches at random in the background, which as the screen shots [in the linked article] show leads to excessive data charges. Similar to other Android malware, this too is distributed through wallpapers which are infected repackaged versions of legit wallpapers." Adds reader Trailrunner7: "Lookout, a mobile security vendor, said it has identified 14 instances of the malware repackaging itself in various wallpaper apps and specifically in the popular game RoboDefense, made available in alternative application markets. The trojan works by duping an infected app into sending encrypted data containing the device’s IMEI and IMSI to a remote host. HongTouTou then receives a set of search engine target URIs and search keywords to send as queries. It then uses these keywords to emulate search processes, creating searches in the search engine yielding the top results for those keywords and clicking on specific results. To the search engine, the searches appear to be coming from a mobile user using a mobile web browser with User-Agent corresponding to the UCWeb browser."

2 of 236 comments

  1. Re:So remind me again... by willy_me · Score: 3, Interesting

    The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time).

    Not very effective because almost all applications use the internet - at least a little. What would be good is if the application made a request to use the internet and provided an estimated maximum amount used in the dialog. For example, screensaver X requests to use the internet and estimates that it will use under 2MB per month. Now the user knows more about what is happening and the OS can ensure the app does not break its promise. Advanced settings might even allow the user to restrict the application to specific domains.

    While this does not offer a complete solution, it would help prevent apps from running up usage charges.
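
An added example, not part of the comment above and not an Android API: a sketch of the per-app data budget and domain allow-list that comment proposes, run over constructed flows from a wallpaper app that declared 2 MB per month. `NetPolicy`, `Enforcer` and the `example.test` hosts are hypothetical names.

```python
from dataclasses import dataclass, field

MB = 1024 * 1024

@dataclass
class NetPolicy:
    """What the app declared at install time (hypothetical manifest fields)."""
    monthly_budget: int          # bytes per month the app promised not to exceed
    allowed_domains: tuple = ()  # empty tuple means any domain

@dataclass
class Enforcer:
    policies: dict                            # app id -> NetPolicy
    used: dict = field(default_factory=dict)  # app id -> bytes charged this month

    @staticmethod
    def _host_allowed(host, domains):
        host = host.lower().rstrip(".")
        # Match the declared domain itself or a true subdomain; a bare
        # endswith(d) would let "notwallpapers.example.test" through.
        return not domains or any(host == d or host.endswith("." + d) for d in domains)

    def check(self, app, host, nbytes):
        """Return (allowed, reason) for one flow; charge the budget if allowed."""
        policy = self.policies.get(app)
        if policy is None:
            return False, "no-declaration"
        if not self._host_allowed(host, policy.allowed_domains):
            return False, "domain-not-declared"
        spent = self.used.get(app, 0)
        if spent + nbytes > policy.monthly_budget:
            return False, "over-budget"
        self.used[app] = spent + nbytes
        return True, "ok"

# Constructed sample data: (app id, destination host, bytes).
SAMPLE_POLICIES = {"wallpaper.x": NetPolicy(2 * MB, ("wallpapers.example.test",))}
SAMPLE_FLOWS = [
    ("wallpaper.x", "cdn.wallpapers.example.test", 1 * MB),   # declared use
    ("wallpaper.x", "search.example.test", 40_000),           # background search traffic
    ("wallpaper.x", "notwallpapers.example.test", 10),        # look-alike suffix
    ("wallpaper.x", "wallpapers.example.test", 1 * MB + 1),   # would exceed 2 MB
    ("game.y", "wallpapers.example.test", 10),                # app never declared
]

def run_sample():
    enforcer = Enforcer(dict(SAMPLE_POLICIES))
    return [enforcer.check(*flow) for flow in SAMPLE_FLOWS]
```

The rejected flows are not charged against the budget, so a blocked request cannot be used to exhaust an app's allowance.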

  2. ROMs are a bigger threat by bobbutts · Score: 3, Interesting

    Just a note that a large percent of the geek population is trusting ROMs with full root access. Just internet access for some sandbox app is small potatoes. Here's an example of a "good" developer making a simple mistake with their ROM: http://www.droidforums.net/forum/liberty-rom-d2/125447-so-who-just-had-their-phone-taken-control-liberty-1-5-a.html Imagine what a malicious developer could accomplish.