Apps from unknown sources can be infected with data-stealing malware hidden behind a genuine looking app.
The malicious app has infected at least 60,000 devices so far.
Researchers at RiskIQ explained about this scam in their blog post last week. According to them, the attack begins after displaying a pop-up ad on the device, saying that the device needs cleanup, otherwise it would slow down and consume more battery.
The ad compels the user to trust it by displaying customized content. The source code first detects the device language for specialization. If it finds no specific language, then the ad displays content in English. Next, it scans the device further to trace the model number.
The pop-up has two buttons, one is to download the battery-saving app and the other one is “Cancel”. Regardless of what the user has clicked, the pop-up transfer the user to the malicious app located in Google play store.
As explained by RiskIQ, “The pop-up text is customized towards the visitor’s device by parsing the user-agent server-side and embedding the processed brand and model information in the script that renders the pop-up.”
They identified the spam upon noticing a generalized text in the ad since the source couldn’t detect a model number for desktops.
If the user downloads the power saver app, the app asks for some sensitive information, including:
Access to sensitive log data
* Receive text messages (SMS)
* Receive data from Internet
* Full network access
* Modify system settings.
Besides this, the app also installs a small ad-clicking backdoor that steals information like International Mobile Equipment Identity (IMEI), phone numbers and location.
Tags:
News
