New Android malware is being distributed through mobile ad networks
Security researchers from Palo Alto Networks found Android apps downloading malware from rogue mobile ad networks
IDG News Service - Mobile ad networks can provide a loophole to serve malware to Android devices, according to researchers from security firm Palo Alto Networks who have found new Android threats being distributed in this manner.
Most mobile developers embed advertising frameworks into their applications in order to generate revenue. Unlike ads displayed inside Web browsers, ads displayed within mobile apps are served by code that's actually part of those applications.
The embedding of code for the advertising network into a mobile application itself ensures that ads get tracked and the developers get paid, but at the same time this third-party code represents a backdoor into the device, said Wade Williamson, senior security analyst at Palo Alto Networks, in a Monday blog post.
"If the mobile ad network turns malicious, then a completely benign application could begin bringing down malicious content to the device," Williamson said. "What you have at that point is a ready-made botnet."
There are precedents for this type of attack. In April, mobile security firm Lookout identified 32 apps hosted on Google Play that were using a rogue ad network later dubbed BadNews. The apps were benign, but the malicious ad network was designed to push toll fraud malware targeting Russian-speaking users through those apps. The malware masqueraded as updates for other popular applications.
According to Williamson, researchers from Palo Alto Networks recently came across a similar attack in Asia that involved using a rogue ad network to push malicious code through other apps without being detected by mobile antivirus vendors.
The malicious payload pushed by the ad network runs quietly in the device memory and waits for users to initiate the installation of any other application, Williamson said. At that point, it prompts users to also install and grant permissions to the malware, appearing as if it's part of the new application's installation process, he said.
"This is a very elegant approach that doesn't really require the end-user to do anything 'wrong'," the researcher said.
Once installed, the malware has the ability to intercept and hide received text messages, as well as to send text messages in order to sign up users for premium-rate mobile services, Palo Alto Networks said in a description of the attack sent via email.
Such attacks are probably specific to certain geographic regions, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, Tuesday via email.
Botezatu expects the distribution of malware through mobile ad networks to become more common, especially in countries where mobile devices can't access the official Google Play store or where users have difficulties in purchasing applications in a legitimate manner, causing most Android devices to be configured to accept APKs (Android application packages) from unknown sources.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts