(Ping! Zine Web Tech Magazine) – Panda Security, The Cloud Security Company, has uncovered a new massive attack on Android users, using an elaborate ploy on Facebook encouraging people to download a series of apps. Panda Security has contacted Facebook to warn of this malicious advertising campaign on the popular social network.
When users access Facebook from their Android mobile device, they will see different messages under the title ‘Suggested Post’ advertising WhatsApp tips like: “Want to know how to see your contacts’ chats on WhatsApp? Find out here!” or “Want to hide your WhatsApp connection status? Download this app so people can’t see you.” If the intended victim clicks on any of these ads, they are redirected to a fake version of Google Play, the Android app store. The user, thinking that this is the genuine site, downloads the free app, which is really a Trojan that subscribes users to a premium-rate SMS service without their knowledge. Currently, Panda is only seeing these ploys occurring for Facebook users in Spain, but is keeping an eye on it to determine if it will spread to other countries.
“In this attack, cyber-criminals have taken advantage of Facebook’s targeted advertising options. In this case, the ad is only shown to Spanish Facebook users who are accessing the social network from an Android mobile device. We carried out tests using the same account from a PC, an iPad, an iPhone and Android and the ads were only displayed when using the Google operating system,” said Luis Corrons, Technical Director of PandaLabs at Panda Security.
The Trojan checks all inbound messages received on the device and if the sender is the premium-rate SMS service, the message is intercepted and deleted so the user is unaware. Yet this technique doesn’t work with the latest 4.4 (KitKat) version of Android, so the creators have come up with an ingenious trick to overcome this: when the message is received, the phone volume is muted for two seconds and the inbound message is marked as read. The app includes an SMS counter, so when the first message is received from the premium-rate service, it reads it to get the confirmation PIN and registers the user on the corresponding website to activate the premium-rate SMS service.
The Trojan also deletes any messages sent from the number 22365, another number associated with premium-rate SMS services, although from a company apparently unrelated to this attack. All signs would suggest that this is designed to protect against a specific competitor: if another Trojan tried to register to an SMS service it wouldn’t be able to access the confirmation message and consequently it couldn’t access the PIN and activate the service.
The cyber-criminals are not just using WhatsApp as bait, but also any topic that could attract users like ‘amazing videos,’ Candy Crush tricks, Angry Birds tricks, and others.
Panda Mobile Security Offers Protection
Thanks to Panda Mobile Security 1.1 and its ‘Privacy Audit’ feature, any app with these potentially dangerous profiles will be classified as ‘Cost money’ and can be deleted directly from that section. That said, not all apps in this category are malicious: any app with sufficient permissions to operate in the way described above will be in this category. If users discover an app installed that shouldn’t have these permissions, they should delete it immediately.
More details on the PandaLabs blog.
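A permission audit of the kind described above can be approximated from an app's decoded AndroidManifest.xml. This is an added example, not Panda Security's code or classification rules: the `audit` function, its flagging rule and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Capability described in the article -> Android permission that enables it.
CAPABILITIES = {
    P + "RECEIVE_SMS": "inspect every inbound SMS",
    P + "WRITE_SMS": "delete messages or mark them as read",
    P + "INTERNET": "submit a confirmation PIN to a website",
}

def audit(manifest_xml):
    """Return (cost_money, reasons) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    reasons = [why for perm, why in CAPABILITIES.items() if perm in perms]
    # Before Android 4.4, SMS_RECEIVED was an abortable ordered broadcast, so a
    # high-priority receiver could swallow a message before the inbox saw it.
    intercepts = False
    for filt in root.iter("intent-filter"):
        actions = {a.get(NS + "name") for a in filt.iter("action")}
        priority = filt.get(NS + "priority", "0")
        if SMS_RECEIVED in actions and priority.isdigit() and int(priority) > 0:
            intercepts = True
            reasons.append("high-priority SMS receiver (priority %s)" % priority)
    # Assumed rule (not Panda's): can see inbound SMS, hide it, and go online.
    can_hide = intercepts or P + "WRITE_SMS" in perms
    cost_money = {P + "RECEIVE_SMS", P + "INTERNET"} <= perms and can_hide
    return cost_money, reasons

# Constructed sample manifests (hypothetical packages, not real apps).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chattips">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".SmsWatcher">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__": print(audit(SUSPICIOUS), audit(BENIGN))
```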
About Panda Security
Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 80 offices throughout the globe with US headquarters in Florida and European headquarters in Spain.
Panda Security collaborates with The Stella Project, a program aimed at promoting the incorporation into the community and workplace of people with Down syndrome and other intellectual disabilities, as part of its Corporate Social Responsibility policy.
For more information, please visit http://www.pandasecurity.com/.