Phony Flash Player Plants Malware on Android Phones
By John P. Mello Jr.
PCWorldMay 12, 2012 8:18 am PDT
Adobe Flash Player users beware: A website that promises visitors a free copy of the download for all versions of Android is reportedly planting malware on smartphones running Google’s mobile operating system.
The infected web page used to distribute the malware was discovered in a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.
When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest’s knowledge, sends a malicious APK file to the mobile web surfer’s smartphone.
Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones. Symantec estimates in its most recent annual threat report that in 2011 some 18 percent of all mobile threats during the year involved premium SMS messages from infected phones.
“Malware that sends premium SMS text messages can pay the author $9.99 for each text and for victims not watching their phone bill could pay off the cyber criminal countless times,” Symantec noted.
Agregado wrote that she identified a bunch of URLs hosted on the same IP address as the infected web site. “Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme,” she said.
Mobile threats are a growing trend, increasing 93 percent in 2011 over the previous year, according to John Harrison, Symantec group product manager for endpoint threat protection and security technology and response.
“Malware authors are continuing to find ways to monetize a lot of these threats,” he told PCWorld. While mobile threats are small compared to desktop and laptop threats, he observed, “it’s a growing upward trend that we will continue to watch.”