Hey Readers...
Recent measures to counter malicious programs from Android Market, adopted by Google, clearly did not like the developers of mobile infections. To avoid the virus robot Bouncer, who now patrols the official application store for Android, attackers have become more active interest in alternative methods of delivery of their "products".
An employee described in the Sophos corporate blog Naked Security, as some unknown person had sent him a Facebook request to add as a friend. When the analyst has studied the potential of his friend through the browser Android-communicator, he noticed a suspicious hyperlink to the questionnaire and decided to check it. As it turned out, his intuition did not fail: URL was malicious. First, the browser was redirected several times to other resources, and then completed his journey on the infected site, where, without any requests and confirmations download and install another phone model virus for Android.
Unwanted application, as it is fashionable now for hackers, it was equipped with a user agreement, which explicitly states that "services are provided on a reimbursable basis," and the entire responsibility for the consequences of infection rests with the user. However, despite the best efforts to pretend to be a legitimate product, in fact, this program is fairly typical thief of money: in its configuration file is stored encrypted pay premium numbers and text SMS-messages to be sent. As practice shows, like a thief can quickly devastate the phone owner's expense.
A few days later visited a specialist reference from the profile of a potential "friend" again. The browser of his mobile device at this time has turned out to be redirected to another resource, booted from other malicious application. He had a new name for the software package and a new code, but the features were similar to the previous skills of the sample. As an analyst concluded, someone clearly is actively working on creating new options for infection. The currently known examples included in the database as Sophos Andr / Opfake-C.
An employee described in the Sophos corporate blog Naked Security, as some unknown person had sent him a Facebook request to add as a friend. When the analyst has studied the potential of his friend through the browser Android-communicator, he noticed a suspicious hyperlink to the questionnaire and decided to check it. As it turned out, his intuition did not fail: URL was malicious. First, the browser was redirected several times to other resources, and then completed his journey on the infected site, where, without any requests and confirmations download and install another phone model virus for Android.
Unwanted application, as it is fashionable now for hackers, it was equipped with a user agreement, which explicitly states that "services are provided on a reimbursable basis," and the entire responsibility for the consequences of infection rests with the user. However, despite the best efforts to pretend to be a legitimate product, in fact, this program is fairly typical thief of money: in its configuration file is stored encrypted pay premium numbers and text SMS-messages to be sent. As practice shows, like a thief can quickly devastate the phone owner's expense.
A few days later visited a specialist reference from the profile of a potential "friend" again. The browser of his mobile device at this time has turned out to be redirected to another resource, booted from other malicious application. He had a new name for the software package and a new code, but the features were similar to the previous skills of the sample. As an analyst concluded, someone clearly is actively working on creating new options for infection. The currently known examples included in the database as Sophos Andr / Opfake-C.
0 comments:
Post a Comment