The Latest in IT Security

17 Bad Mobile Apps Still Up, 700,000+ Downloads So Far

04 May 2012

We’ve reported previously that malicious apps were discovered in the official Android app store, which is now known as Google Play. While those reported apps were removed, more malicious apps have been seen in the official marketplace and appear to be still victimizing users. This is just one of the important reasons why we feel that a technology like our Trend Micro Mobile App Reputation is crucial in users’ overall mobile experience and security.

In total, we have discovered 17 malicious mobile apps still freely downloadable from Google Play: 10 apps using AirPush to potentially deliver annoying and obtrusive ads to users and 6 apps that contain Plankton malware code.

| Application Name | Package Name | App Developer | Brief Behavior Description |
|---|---|---|---|
| Spy Phone PRO+ | com.spinXbackup.backupApp | Krishan | Sends out GPS location, SMS and call log |
| ?????? | com.antonio.smiley.free | Antonio Tonev | Connects to C&C server and waits for the command |
| ?????? | com.antonio.wardrobe.apps.lite | Antonio Tonev | Connects to C&C server and waits for the command |
| ?????? | com.christmasgame.balloon | Ogre Games | Connects to C&C server and waits for the command |
| ????? | com.macte.JigsawPuzzle.Aviation | Macte! Labs | Connects to C&C server and waits for the command |
| ??? | com.macte.JigsawPuzzle.Hills | Macte! Labs | Connects to C&C server and waits for the command |
| ??? | com.macte.JigsawPuzzle.Food | Macte! Labs | Connects to C&C server and waits for the command |
| NBA SQUADRE PUZZLE GAME | com.bestpuzzlesgames.NBA1 | Crisver | Pushes applications and advertisements to user |
| NFL Puzzle Game | com.bestpuzzlesgames.nfl | Crisver | Pushes applications and advertisements to user |
| ???? | com.macte.JigsawPuzzle.Indians | Macte! Labs | Pushes applications and advertisements to user |
| ??:?? | com.macte.JigsawPuzzle.NewYorkCity | Macte! Labs | Pushes applications and advertisements to user |
| Cricket World Cup and Teams | com.bestpuzzlesgames.cricket | Crisver | Pushes applications and advertisements to user |
| ??3D | com.killu.m3d | Killugames | Pushes applications and advertisements to user |
| ??????? | com.killu.bds | Killugames | Pushes applications and advertisements to user |
| ?????? | com.manic.bb | Manic Puzzles | Pushes applications and advertisements to user |
| ??????? | com.espu.bho | Puzzles | Pushes applications and advertisements to user |
| ???????? | com.espu.bafa | Puzzles | Pushes applications and advertisements to user |

Among them, one app which explicitly describes itself as a spying app has also been flagged as a threat by Trend Micro due to its potential for misuse. This particular threat is known as ANDROIDOS_PDASPY.A. Its Google Play page makes it clear what its purpose is:

The attacker must first install and set up this particular app on the target phone, as can be seen in the following screenshots:

Its capabilities include tracking a phone’s location, phone calls, and messages. Once the attacker presses the “Save & Start” button, the attacker can then track the device via the website given:

Most of these apps have been downloaded several thousand times. The above PDASpy app appears to have been downloaded more than 100,000 times. Collectively, the detected apps have been downloaded more than 700,000 times. Users not running any mobile security app may be victimized by annoying ads (AirPush) or the apps’ (Plankton) malicious connections to remote C&Cs.

We discovered these apps as part of our Mobile App Reputation (MAR) efforts. We continuously monitor both official and third-party app stores for both newly uploaded and popular apps and check for the behavior of these apps. We look not just for malicious behavior, but also bandwidth-consuming and battery-consuming routines.

Trend Micro Mobile Security Personal Edition is capable of detecting the threats we mentioned above.
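
To check a device against the package names in the table above, the following added example (not part of the original article and not a Trend Micro tool) parses the output of `pm list packages`, for instance as captured over adb, and reports exact matches grouped by family. The family grouping is inferred from the table's behavior column and the article text, and the sample output is constructed.

```python
# Package names copied from the article's table. Family labels are an
# inference from its behavior column and text, not vendor verdicts.
FAMILIES = {
    "PDASpy": """
        com.spinXbackup.backupApp""",
    "Plankton": """
        com.antonio.smiley.free com.antonio.wardrobe.apps.lite
        com.christmasgame.balloon com.macte.JigsawPuzzle.Aviation
        com.macte.JigsawPuzzle.Hills com.macte.JigsawPuzzle.Food""",
    "AirPush": """
        com.bestpuzzlesgames.NBA1 com.bestpuzzlesgames.nfl
        com.bestpuzzlesgames.cricket com.macte.JigsawPuzzle.Indians
        com.macte.JigsawPuzzle.NewYorkCity com.killu.m3d com.killu.bds
        com.manic.bb com.espu.bho com.espu.bafa""",
}
FLAGGED = {pkg: fam for fam, pkgs in FAMILIES.items() for pkg in pkgs.split()}


def parse_pm_list(output):
    """Return package names from `pm list packages` output (plain or -f form)."""
    names = set()
    for line in output.splitlines():
        line = line.strip()  # output captured over adb often ends in \r\n
        if not line.startswith("package:"):
            continue
        entry = line[len("package:"):]
        # The -f form is "<apk path>=<package name>". The path itself may
        # contain '=', so the name is whatever follows the last '='.
        names.add(entry.rsplit("=", 1)[-1])
    return names


def triage(output):
    """Map family -> sorted flagged packages found (exact, case-sensitive)."""
    hits = {}
    for pkg in sorted(parse_pm_list(output) & set(FLAGGED)):
        hits.setdefault(FLAGGED[pkg], []).append(pkg)
    return hits


# Constructed sample of `pm list packages` output (not real device data).
SAMPLE = (
    "package:/system/app/Browser.apk=com.android.browser\r\n"
    "package:/data/app/~~Qx1==/com.killu.m3d-1/base.apk=com.killu.m3d\r\n"
    "package:com.macte.JigsawPuzzle.Food\r\n"
    "package:com.bestpuzzlesgames.nba1\r\n"  # differs in case: not a match
    "package:com.spinXbackup.backupApp\r\n"
)

if __name__ == "__main__":
    for family, pkgs in triage(SAMPLE).items():
        print(f"{family}: {', '.join(pkgs)}")
```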
