Rogue advertising affiliates may be behind surge in Android adware

Rating: Fortinet seems to think so

A very definite rise in Android adware has been identified by security specialist Fortinet. Its researchers reported the marked increase for the period beginning July 1st [2012] and ending September 30th. Two adware variants – named Android/NewyearL and Android/Plankton – were detected by the company’s Labs, running at four per cent in the Americas and almost one per cent in the APAC and EMEA regions on all FortiGuard monitoring systems. “The surge in Android adware can most likely be attributed to users installing on their mobile devices legitimate applications that contain the embedded adware code,” Guillaume Lovet, senior manager of Fortinet’s FortiGuard Labs Threat Response team, explained. “It suggests that someone or some group is making money – most likely from rogue advertising affiliate programs.” The company also says that the Zitmo (Zeus-in-the-Mobile) mobile banking Trojan is evolving into a botnet.

The two main adware variants embed a common toolset for unwanted advertisements displayed on the mobile’s status bar.

They also carry out user tracking through the handset’s IMEI (International Mobile Equipment Identity) number and can drop unwanted icons on the device’s desktop.

The company’s advice to counter such adware is to keep a close eye on the rights being asked for by the application at the point of installation.

Additionally, the company recommends that smartphone users only download mobile applications that have been highly rated and reviewed. Easier said than done, of course.

It is interesting that Fortinet has identified new versions of the Zitmo banking Trojan for Blackberry as well as Android. They have now added ‘botnet-like’ features meaning that cybercriminals can control the Trojan on the handset by sending it commands via SMS.

The way to beat Zitmo is relatively easy. Banks rarely – if ever – send a request to their customers asking them to install an app.

So even if the request looks genuine, don’t download an app from your bank if it appears to be asking you to.

Reputedly, the Trojan is able to ‘break’ two-factor authentication. That’s where banks send out an SMS code to trigger a second authentication factor and confirm a transaction.

The example of Android/Plankton shown here – Snake Kaka – is adware disguised as a game.

If you look carefully at the rights it is requesting, it wants to look at your personal information and access system tools – neither of which a regular game needs to do.

About Tony Dennis

Tony is currently Editor of GoMobile News. He's a veteran telecoms journalist who has previously worked for major printed and online titles. Follow him on Twitter @GoMoTweet.