1,730 Malicious Apps Still Available on Popular Android App Providers

1/18/13 1,730 Malicious Apps Still Available on Popular Android App Providers

blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular-android-app-providers/ 1/4

Dec 20: 1,730 Malicious Apps Still Available on Popular Android App Providers

3:37 pm (UTC-7) | by Symphony Luo (Mobile Threat Analyst)

The presence of malicious apps on Google Play and other popular Android app providers remains a persistent problem. As of the first week of December, approximately 1,700+ malicious apps are still available on Google Play and two third-party Android app distributors.

Though app providers have implemented certain regulations to curb malicious or high-risk apps, we still see these apps being peddled on popular third-party app providers. Some were even downloaded more than 100,000 times.

From December 5th to December 10th, we found that a total of 1,730 malicious apps could still be downloaded from Google Play and the two other third-party app providers we observed. The chart below shows a comparison of the number of unique malware available on these sites.

We noted that specific malware families are available on each site. The pie charts below show the distribution for each app provider. On Google Play, FAKEAPP variants are the most numerous. FAKEAPP variants are rogue or fake versions of well-known apps. Once users are tricked into installing them, these apps steal sensitive information from the device and send it to remote servers.

For the top third-party app providers, the malicious apps that users are most likely to encounter are GAPPUSIN variants. GAPPUSIN variants are known to download other malicious apps and steal information from users.

Affected users are likely to receive annoying pop-up ads, have their personal information stolen, or be charged for certain services without their consent. For additional information, the table below provides short descriptions of the routines of each malware family commonly found on the app providers we observed.

The selling point of the Android platform is the freedom it gives users to download apps from different app providers. Users have the option to install apps from whichever sites they prefer. This freedom, however, has been leveraged repeatedly by malicious developers and cybercriminals who want to take a bite of the Android craze. Just this August, we found 164 unique high-risk apps on Google Play and certain third-party app stores. Aside from aggressively pushing ads, these apps are known to collect mobile data without the user’s knowledge and send it to remote users.

Early this year, we also noted 17 malicious apps available on Android’s official app provider, which were downloaded more than 700,000 times. These include apps that track users’ location, calls, and messages.

With the way things are going, it may take a while before we see a decrease in malicious Android apps. As the platform is poised to overshadow its competitors, we can even expect an increase in this threat. As predicted in our 2013 Security Threat Predictions, we foresee a threefold increase in the number of malicious and high-risk apps facing users.

What does this mean for Android users? In a nutshell, they remain targets of shady developers and criminals who are bent on taking advantage of the platform. Thus, one can never be too careful in downloading apps, even from Google Play. Added precautions, such as researching the app developer’s reputation, may be extra work for users, but they ensure a safer mobile experience.

We continuously monitor app providers for both newly uploaded and popular apps and check the behavior of these apps. Trend Micro Mobile Security Personal Edition is capable of detecting the threats we mentioned above.

To know more about Android-related threats and how to secure mobile devices, you can visit our Mobile Threat Information Hub.

This entry was posted on Thursday, December 20th, 2012 at 3:37 pm and is filed under Mobile.
