New Android malware is being distributed through mobile ad networks
Security researchers from Palo Alto Networks found Android apps downloading malware from rogue mobile ad networks
IDG News Service - Mobile ad networks can provide a loophole to serve malware to Android devices, according to researchers from security firm Palo Alto Networks who have found new Android threats being distributed in this manner.
Most mobile developers embed advertising frameworks into their applications in order to generate revenue. Unlike ads displayed inside Web browsers, ads displayed within mobile apps are served by code that's actually part of those applications.
The embedding of code for the advertising network into a mobile application itself ensures that ads get tracked and the developers get paid, but at the same time this third-party code represents a backdoor into the device, said Wade Williamson, senior security analyst at Palo Alto Networks, in a Monday blog post.
"If the mobile ad network turns malicious, then a completely benign application could begin bringing down malicious content to the device," Williamson said. "What you have at that point is a ready-made botnet."
There are precedents for this type of attack. In April, mobile security firm Lookout identified 32 apps hosted on Google Play that were using a rogue ad network later dubbed BadNews. The apps were benign, but the malicious ad network was designed to push toll fraud malware targeting Russian-speaking users through those apps. The malware masqueraded as updates for other popular applications.
According to Williamson, researchers from Palo Alto Networks recently came across a similar attack in Asia that involved using a rogue ad network to push malicious code through other apps without being detected by mobile antivirus vendors.
The malicious payload pushed by the ad network runs quietly in the device memory and waits for users to initiate the installation of any other application, Williamson said. At that point, it prompts users to also install and grant permissions to the malware, appearing as if it's part of the new application's installation process, he said.
"This is a very elegant approach that doesn't really require the end-user to do anything 'wrong'," the researcher said.
Once installed, the malware has the ability to intercept and hide received text messages, as well as to send text messages in order to sign up users for premium-rate mobile services, Palo Alto Networks said in a description of the attack sent via email.
Such attacks are probably specific to certain geographic regions, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, Tuesday via email.
Botezatu expects the distribution of malware through mobile ad networks to become more common, especially in countries where mobile devices can't access the official Google Play store or where users have difficulties in purchasing applications in a legitimate manner, causing most Android devices to be configured to accept APKs (Android application packages) from unknown sources.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts