Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokémon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections. Read Full Article

Expensive free apps

Fraudulent apps trying to send Premium SMS messages or trying to call to high rate phone numbers are not something new. It is much more interesting to talk about how certain groups bypass detection mechanisms such as those used by Google Play, since this has become difficult to achieve in the past few years. Read Full Article

Do web injections exist for Android?

Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue extensions, or more complicated malicious code injected into pages in the browser. We’re often asked if there are any web injection attacks for Android devices. This is our attempt to investigate and give as full an answer as possible. Read Full Article

Switcher: Android joins the ‘attack-the-router’ club

Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network. Read Full Article

Disassembling a Mobile Trojan Attack

In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng and automatically saved it to the device’s SD card. We intercepted traffic coming from the attacked device when this sort of “advert” was displayed, and figured out how the malicious program was downloaded and automatically saved. Read Full Article