Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Attack Uses Attackers' Own Ad Network To Deliver Android Malware

Posted by samzenpus on from the protect-ya-neck dept.

Trailrunner7 writes "The concept of malware riding shotgun with legitimate mobile apps is not a new one. There have been a slew of cases in which attackers have compromised apps in the Google Play store and inserted malware into the file. But a new attack uncovered by Palo Alto Networks is using a new technique that starts with the user installing an app on her Android phone. The app could be a legitimate one or a malicious one, but it will include some code that, once the app is installed, will reach out to an ad network. Many apps include such code for legitimate ad revenue purposes, but these apps are connecting to a malicious ad network. Once the connection is made, the app will then wait until the user is trying to install another app and will pop up an extra dialog box asking for permission to install some extra code. That code is where the bad things lie. The malicious code immediately gains control of the phone's SMS app for both command and control and in order to sign the victim up for some premium-rate SMS services. The attack is interesting, said Wade Williamson, a senior security analyst at Palo Alto, because the attackers can use a legitimate ad network that's already connected to a group of apps and then at any given time flip the switch and begin using it for malicious purposes."

7 of 59 comments (clear)

  1. Then it is malicious... by RobertM1968 · · Score: 5, Insightful

    The app could be a legitimate one or a malicious one, but it will include some code that, once the app is installed, will reach out to an ad network. Many apps include such code for legitimate ad revenue purposes, but these apps are connecting to a malicious ad network.

    Inotherwords "but it has malware in it for the ad portion that goes to a malicious ad network" - or the app IS malicious and not legitimate. An app isn't magically legitimate if only some portions of it are malware.

    --
    StarTrekPhase2 - The Five Year Mission Continues!
    1. Re:Then it is malicious... by ackthpt · · Score: 4, Funny

      The app could be a legitimate one or a malicious one, but it will include some code that, once the app is installed, will reach out to an ad network. Many apps include such code for legitimate ad revenue purposes, but these apps are connecting to a malicious ad network.

      Inotherwords "but it has malware in it for the ad portion that goes to a malicious ad network" - or the app IS malicious and not legitimate. An app isn't magically legitimate if only some portions of it are malware.

      "Sometimes is difficult differentiate between Stupidware and Malware - Stupidware being sloppily written, which allows attacks and Malware which was purposefully written to allow attacks. Both date back at least a decade. That it's happening on a mobile device is simply a logical iteration of a predictable progression, Captain."

      "That ... still ... does not fix the ... communicator, Spock."

      --

      A feeling of having made the same mistake before: Deja Foobar
  2. Android by Anonymous Coward · · Score: 4, Funny

    The only unix-based platform riddled with security issues, viruses and trojans problems.

  3. cross-site attacks by girlintraining · · Score: 5, Insightful

    Advertising on the internet is the most common route for malware by far. That's why I install ad blocking software everywhere. Marketers whine and complain about lost revenue and try to guilt you by saying they need that revenue to run the sites "for free"... but the truth is the way most advertising networks operate allow for "dancing, singing" ads -- that is, injectable javascript. Everything in the marketer's world these days is about using java to track, probe, manipulate, etc., web pages, with pop-overs, pop-unders, drive-bys, side to side scrollers, sound, motion, and anything else to get your attention.

    None of this would be a problem if they stuck to fixed-size IMG tags and graphics. In other words... marketing is a virus. It's the plague. It's not the browser's fault... it's these asshole profiteers who try to be endlessly creative in force-feeding people crap they don't want.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:cross-site attacks by girlintraining · · Score: 3, Insightful

      Except well, how do you expect developers to eat?

      I suppose the same way everyone else does: By providing a good or service in exchange for monentary compensation. I know, it's an outmodded concept in the Web 2.0 way of thinking... but There Ain't No Such Thing As A Free Lunch. Advertising is not required for the survival of the species nor is its absence detrimental to long-term economic growth and stability.

      Remember, the ad is loaded by the app, and given Android's fairly limited ways of monetization, developers would like to make some money back. If not through a 4rd party ad network, then through siphoning your user data off the phone to their servers.

      I would ask you whether Linux requires monetization of its applications in order to be useful, or that developers are not compensated in other ways. Short answer: Yes.

      Ads pretty much the only way to beat iOS at the revenue game.

      Call me old fashioned, but the way to beat someone at a game is to play it better than they do. It's called competition, and if you provide a better product or service, then in a fair and open market, you should win. If this isn't true, then the problem is with the market, your perception of it, or with external forces.

      --
      #fuckbeta #iamslashdot #dicemustdie
  4. The Matrix by ArcadeMan · · Score: 4, Insightful

    Marketing is a disease, a cancer of the Web, it is a plague, and blocking software is the cure.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  5. Re:FAIL by Dancindan84 · · Score: 4, Funny

    Problem
    Between
    Kindle
    And
    Chair?

    --
    "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde