Sunday, December 30, 2012

Android Malware uses Google Play icon to trick users

Android has been the center of a humongous amount of security holes and malware attacks. Its openness sometimes seems to be more of a curse than a boon to its users, because it makes it easy for attackers to exploit vulnerabilities in the system and to annoy and loot the users.

Recently, a member of XDA developers discovered a very serious security flaw in the Exynos 4 series processors which can give an attacker complete control over the physical memory of the device, and before that, attackers targeted Windows users looking for USB drivers for their Android devices. Now, a new malware has been discovered that uses the Google Play Store icon as a disguise to lure users into clicking on it so it can carry out its attack.

This trojan can take part in co-ordinated DDoS (Distributed Denial of Service) attacks using victims' mobile devices. It can also receive commands from its makers and send text messages for spamming purposes.

Russian security research firm Doctor Web has detected it as "Android.DDoS.1.origin", which supposedly spreads via social engineering tricks. According to the firm, the malware camouflages itself as a legitimate app from Google and also uses the Google Play Store icon once the user installs it on their device.

What separates this malware from others is that when the user taps its icon, the genuine Google Play Store is opened instead of anything fishy, which reduces suspicion about the app. After being launched, the trojan immediately connects to its Command and Control (C&C) server and, if the connection succeeds, sends the victim's phone number to the attackers and then waits for instructions.

The malware can basically perform two functions: conduct a DDoS attack on a specified server (the attackers send over its IP address and port number) and send spam messages (the message content and recipients' numbers are dictated to it by the attacker).

When the criminals send a DDoS attack command, the malicious app sends specific data packets to the IP address it was given. Packets from a single device cannot hurt a website, but when you consider the number of Android devices that are potential victims, a website take-down becomes possible.

When it receives a command to send SMS, it spams the recipients in no time. This can result in a slower device and also in unexpected SMS and data charges for the victim to take care of. Also, these expensive messages become a source of income for the app maker.

Android.DDoS.1.origin's source code is reported to be heavily obfuscated, which implies that its makers wanted to hide its true functionality. The malware has very serious criminal potential, as it can be used for attacking websites (for political, competitive and corporate reasons), spamming devices or simply generating revenue for its makers.

Although there haven't been many reports of devices affected by this malware, it is a very dangerous DDoS attack tool because of the security risk it poses. And as we know from experience, the number of such malware samples is very high and only one from the herd has been recognized. The only precaution users can take to protect themselves from such malicious tools is taking care while downloading something and using reliable sources only.
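Two of the behaviours described above, an app that borrows the Google Play Store label and icon but is not the genuine client, and an app that bursts outbound SMS to many recipients, can be checked for on the defender's side from device inventory and messaging telemetry. The following Python script is an added example written for this page, not Doctor Web's detection logic. The genuine Play Store package name (com.android.vending) is real; the inventory entries, the package names com.example.fakeplay and com.example.chat, the log line format and the burst threshold are constructed assumptions.

```python
"""Defender-side heuristics for the two behaviours described in the post:
an app that borrows the Google Play label/icon, and an app that bursts
outbound SMS to many recipients.  Example code written for this page, not
Doctor Web's detection logic; the telemetry format below is made up."""
from collections import defaultdict
from datetime import datetime, timedelta

# Real package name of the genuine Google Play Store client.
PLAY_STORE_PACKAGE = "com.android.vending"
# Labels a lookalike is likely to use (assumption: compared case-insensitively).
PLAY_STORE_LABELS = {"google play store", "google play", "play store"}


def find_impersonators(inventory):
    """Return package names whose display label claims to be Google Play
    but whose package name is not the genuine one."""
    return [
        app["package"]
        for app in inventory
        if app["label"].strip().lower() in PLAY_STORE_LABELS
        and app["package"] != PLAY_STORE_PACKAGE
    ]


def parse_sms_log(lines):
    """Parse constructed log lines of the form
    '<ISO timestamp> pkg=<package> sms_to=<number>' into event dicts."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, rest = line.split(" ", 1)
        fields = dict(part.split("=", 1) for part in rest.split())
        events.append({
            "time": datetime.fromisoformat(ts),
            "package": fields["pkg"],
            "to": fields["sms_to"],
        })
    return events


def find_sms_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Map package -> largest number of distinct recipients messaged inside
    any sliding window of length `window`, for packages reaching `threshold`."""
    by_pkg = defaultdict(list)
    for ev in events:
        by_pkg[ev["package"]].append(ev)
    flagged = {}
    for pkg, evs in by_pkg.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            distinct = len({e["to"] for e in evs[start:end + 1]})
            if distinct >= threshold:
                flagged[pkg] = max(flagged.get(pkg, 0), distinct)
    return flagged


# Constructed sample inventory: the genuine client, a lookalike, and an
# unrelated app (the com.example.* names are hypothetical).
SAMPLE_INVENTORY = [
    {"package": "com.android.vending", "label": "Google Play Store"},
    {"package": "com.example.fakeplay", "label": "Google Play Store"},
    {"package": "com.example.chat", "label": "Chat"},
]

# Constructed SMS telemetry: the lookalike messages six numbers in 40 seconds,
# the chat app messages two numbers ten minutes apart.
SAMPLE_SMS_LOG = """
2012-12-30T10:00:00 pkg=com.example.fakeplay sms_to=+15550000001
2012-12-30T10:00:05 pkg=com.example.fakeplay sms_to=+15550000002
2012-12-30T10:00:12 pkg=com.example.fakeplay sms_to=+15550000003
2012-12-30T10:00:20 pkg=com.example.fakeplay sms_to=+15550000004
2012-12-30T10:00:31 pkg=com.example.fakeplay sms_to=+15550000005
2012-12-30T10:00:40 pkg=com.example.fakeplay sms_to=+15550000006
2012-12-30T10:01:00 pkg=com.example.chat sms_to=+15550000100
2012-12-30T10:11:00 pkg=com.example.chat sms_to=+15550000101
""".splitlines()


def run_checks(inventory=SAMPLE_INVENTORY, log_lines=SAMPLE_SMS_LOG):
    """Run both heuristics and return their findings."""
    return {
        "impersonators": find_impersonators(inventory),
        "sms_bursts": find_sms_bursts(parse_sms_log(log_lines)),
    }


if __name__ == "__main__":
    print(run_checks())
```

On the constructed data the lookalike is reported by both heuristics while the genuine client and the chat app are not. The label check is deliberately narrow: it only catches apps that spell the label exactly like Google Play, so an inventory check in practice would also compare icon hashes and signing certificates, which this example omits.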

1 comment:

  1. Now & then one or more android flaws come up and prevent me from buying an android device. :/