Wednesday, February 24, 2016

Adware cocktail, anyone?

Adware was a huge malware trend in 2015. It not only displays ads aggressively, it also carries other devious functions. Nowadays, adware is not just adware: its capabilities are often mixed with those of other malware types, as in the following examples:

Adware with a mix of Scareware, Android.Trojan.HiddenApp.E.
This malware was discovered in 10 apps available on Google Play. These malicious apps were designed to go under a different name once installed, so that users would have a hard time uninstalling them.

Once a user unknowingly installs an app with Android.Trojan.HiddenApp.E tucked inside it, the malware creates an app icon with Google's green Android image under the name 'System Manager'. After installation, the app's name changes so that the user will have a hard time working out which malicious app to uninstall.

This malware activates immediately and then hijacks the browsers installed on the infected device (Android Stock Browser, Chrome, Firefox, TinyBrowser, and even Facebook). Every time the user opens their preferred browser, the malware redirects them to various ad-displaying websites. For each browser search, clicked URL or Facebook-opened link, the user is redirected to a webpage that displays geolocation-specific ads. These ads are intended to scare the user into subscribing to premium-rated numbers, services or subscriptions, or to trick the user into installing more adware disguised as system or performance updates.





Adware with a shot of Rootkit, GhostPush aka Shedun.

Reportedly, this malware had infected over 600,000 Android users. It was even said that users who have been infected with this malware are better off buying a new phone.

Shedun/GhostPush is malware that disguises itself as a legitimate app and usually spreads either through commercial SDKs or browser ads. Notable apps like Monkey Test and Time Service were known to have the malware injected into them.

This malware is capable of rooting the user's device and then downloading and installing additional malicious apps onto the infected device while aggressively displaying ads.

Figure: Cheetah Mobile's discovered malware procedure


Cheetah Mobile also discovered these apps that contain the malware GhostPush/Shedun:

  • Wifi Enhancer
  • TimeService
  • Indian Sexy Stories 2
  • Assistive Touch
  • Accurate Compass
  • All-star Fruit Slash
  • Happy Fishing
  • Monkey Test
  • PinkyGirls
  • XVideo Codec Pack
  • Amazon
  • Hubii News
  • itouch
  • Light Browser
  • XVideo
  • Memory Booster
  • WordLock
  • Fast Booster
  • Talking Tom 3
  • Photo Clean
  • Super Mario
  • SmartFolder
  • Simple Flashlight
  • Daily Racing
  • SettingService
  • boom pig
  • WhatsWifi
  • Hot Video
  • Lemon Browser
  • Multifunction Flashlight
  • Assistive Touch
  • Hot Girls
  • Sex Cademy
  • iVideo
  • Fruit Slots
  • Wifi Speeder
  • WiFi FTP
  • Ice Browser
  • PornClub




Article Ref: http://www.hotforsecurity.com/blog/new-android-adware-on-google-play-more-aggressive-than-ever-11470.html (for Android.Trojan.HiddenApp.E) and http://www.cmcm.com/blog/en/security/2015-09-18/799.html (for GhostPush/Shedun)
