Obviously, you can’t log in until you register, and if you try to do so, you will be asked to provide personal details:

In the foreground, the app pops up a bogus login screen, by means of which it tries to harvest Personally Identifiable Information (PII):

Once it’s done, it “calls home” by sending a confirmation SMS to a control number, presumably one belonging to the malware author.

The virus APK (Android Package) covers its tracks with a cute-looking splash screen that pops up as soon as you run it:

But it has already kicked off its self-spreading in the background, SMSing itself to the first 99 entries of your contact list.

…then you, and 99 of your friends in turn, are heading for trouble.

So, if you decide to take a chance on a link from a friend that says, simply…

With Google Play not officially available in China, alternative Android markets have flourished, and, by all accounts, Chinese users are accustomed to running their Android phones with the Allow installation of apps from unknown sources option enabled.

So, even a few initial infections can quickly generate a large amount of traffic, which is exactly what seems to have happened.

According to a news report out of China, local mobile telephone operators claim to have blocked over 20 million messages already, with “at least 100,000 phones infected.”

How the virus arrives

The virus, dubbed Andr/SmsSend-FA by Sophos products, spreads by SMSing a download link to your first 99 contacts.

In contrast, this new Android virus was a head-of-steamer.

It spread by means of SSH connections only between jailbroken iDevices, which limited its community of potential victims.

The infamous Ikee iPhone virus of 2009, still the only known iOS virus that has spread in the wild, was, fortunately, one of the fizzlers.
In contrast, a virus that spreads by forwarding itself only to people already in your address book (or on your phone number list, or nearby on your network) will start small and either build up a head of steam, or fizzle out.

→ Recent SophosLabs experiments suggest that a commonly-sized botnet of 10,000 computers can deliver more than 50 billion spams per week.

Spamming out malware has the advantage that the crooks can quickly target millions of potential victims, all of whom might end up infected in one shot, during the very first wave of the attack.

In practice, however, you and your friends will just end up with SMS headaches.

As in the case of the “Look The Self-time” malware (Andr/SlfMite-A) we wrote about in June 2014, this attack involves a true virus – in other words, malware that deliberately spreads itself.

As we remarked back in June, viruses are rare these days, with most malware distributed in emails generated directly by the cybercrooks, either as attachments or as clickable links, rather than by the malware itself.

In theory, the implication seems to be that you can use the app, which you receive as an SMS invitation from one of your friends, to organise a romantic hook-up.

The malware goes by the name XX神器 (XXshenqi) in Chinese, or the Heart App, as it calls itself in English.

SophosLabs has been following an interesting Android malware story over the past week.

Thanks to Nagy Ferenc László and Xiaochuan Zhang of SophosLabs for the behind-the-scenes effort they put into this article.