App Market Malware Report (Nov-8)

 

Although Google has a series of security measures to keep malware off Google Play (such as routine scanning), there is always malware that slips through. One of our security team’s jobs is making the Android app market a safer place.

Every day our behavior analysis platform and static analysis engine can identify hundreds of apps containing malicious behavior, such as stealing your private information, exploiting vulnerabilities on your phone, or sending unwanted SMS messages or making unwanted phone calls. From today on, we will routinely update you on the latest malware that Trustlook has discovered on app markets, to show you what the malware looks like and how it threatens your security.

Business Insider
Package Name: com.freerange360.mpp.businessinsider
Still on Google Play? Yes
Behavior: steals private information (sends the phone number to an external server without your approval)

TRIO Publications
Package Name: com.freerange360.mpp.thtrsopu
Still on Google Play? Yes
Behavior: steals private information

Royal Poker
Package Name: com.RoyalP
Still on Google Play? Yes
Behavior: steals private information

Phone Book
Package Name: archfoe.phonebook
Still on Google Play? Yes
Behavior: steals private information

MP3 Cutter
Package Name: com.beka.tools.mp3cutter
Still on Google Play? Yes
Behavior: sends SMS messages in the background

Smile Theme GO LauncherEX
Package Name: com.gau.go.launcherex.theme.smile
Still on Google Play? No
Behavior: Attempts to use the “adb setuid rooting vulnerability” to gain root privileges on your phone. If successful,
Although named after the famous “Go Launcher”, it is malware developed by a third party.

dsploit
Package Name: it.evilsocket.dsploit
Still on Google Play? No
Behavior: Attempts to use CVE-2011-3874 to root your phone in the background.
Named after the hacking tool “dSploit”, it was developed by entirely different people. It IS a hacking tool, but the trigger is not in your hands.

水果爱消除2
Package Name: com.fram.fruit.aixiaochu.ceshi
Still on Google Play? No
Behavior: Attempts to use CVE-2011-3874 to root your phone in the background.

By the time you read this article, Trustlook Antivirus can already identify all of them.
