VB2014 paper: Exposing Android white collar criminals

Posted by   Virus Bulletin on   Oct 22, 2014

Luis Corrons dives into the world of shady Android apps.

Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Exposing Android white collar criminals' by Panda Security researcher Luis Corrons.

Android is by far the most popular operating system when it comes to mobile malware, and it isn't surprising that this year's conference programme included a number of talks on the tricks used by Android malware to infect devices.

But not all malicious apps need to use such tricks: Luis Corrons discussed various apps that use social engineering to subscribe the victim to premium rate SMS services. In many cases, the methods used are verging on legal - for instance, an app that requires the user to accept its terms and conditions, which openly state its purpose, but in a very small font.

  "To view the contents, you need to accept the terms and conditions." Note the extremely small font used to display those terms and conditions.

Other apps stray from the line of legality a little more, for instance by presenting a web page designed to trick users into believing it is the official Google Play store, or by claiming to be the official app of a popular brand.

  App pretending to be Google Play. Note how some of the numbers don't add up.

Despite the fact that it wasn't hard to find out who was behind these pieces malware, Luis said that getting those people prosecuted wasn't easy - if possible at all.

You can read Luis's paper here in HTML-format, or download it here as a PDF (no registration or subscription required).

Posted on 22 October 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.

Spamhaus report shows many botnet controllers look a lot like legitimate servers

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.

Tips on researching tech support scams

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.