Android Adware Detected in more than 100 apps in the Official Play Store by Security Researchers. Android Adware Shows Ads in Notification Panel, Status Bar and Home Screen.
Android Adware Detected, Showing Ads in Notification Panel, Status Bar and Home Screen.
The Apps Collect Unwanted Data from the User by Adwares and Spywares in order to Deliver Malware to the Victims. The AntiVirus Maker Dr.Web has detected Android.Spy.277.
The Android.Spy.277 is Installed over 3.2 Million Times.
The App Range from Photo Editing Apps to Live Wallpaper Apps And Some Pretty Simple Games. Once The Adware is Installed in the Phone, It Finds way(Mostly Internet) to Deliver Information Like,
- “email”—email address connected to a Google user account. It is obtained from AccountManager; at that, only getAccountsByType(“com.google”) is used.
- “app_id”—meta-data from the manifest.xml file of the infected application.
- “gcm_id”—GCM identifier (Google Cloud Messaging id).
- “sender_id”—the application identifier specified by the server.
- “app_version_code”—android:versionCode from the manifest.xml file.
- “package_name”—name of the package containing the Trojan.
- “sdk_version_name”—SDK version.
- “sdk_version_code”—the Trojan’s SDK build number.
- “android_id”—unique identifier.
- “imei”—IMEI identifier.
- “android_version”—operating system version.
- “model”—mobile device model.
- “screen”—screen resolution.
- “phone”—cell phone number.
- “api_version”—SDK version of the application.
- “country”—the user’s geolocation.
- “cpu”—CPU type.
- “mac”—MAC address of the power adapte.
- “user_agent”—generates User Agent line for a certain device, considering such parameters as Build.VERSION.RELEASE, Build.VERSION.CODENAME, and Build.MODEL, Build.ID.
- “carrier”—mobile network operator.
- “is_plugin”—informs the server whether the Trojan is launched from the original aaplication (the false value) or from its plug-in located in its software resources (the false value).
- “time_from_begin”—specifies a time period after which the Trojan starts transmitting data to the server.
- “install_referrer”—by default, sends the “Others” value.
- “connection_type”—network connection type.
- “connection_sub_type”—network subtype.
- “is_rooted”—availability of root access (the true or false value).
- “active_device_admin”—indicates whether an infected application has administrator privileges (the true or false value).
- “has_gp”—indicates whether a Google Play application is on the device (the true or false value).
- “Install from = ” – “Google Play”/”Others”—indicates whether the infected application is installed from Google Play or from a third-party app store.
All The Information including the App Name is Then Uploaded to C&C Server, Every Time the User Starts the App.
Afterwards Android.Spy.277 Installs more apps with same infection. Why? Common Sense, If the App is Uninstalled, The Other can Take Over.
Dr-Web say that They have Notified Google.
At Present, There are 104 Applications That has Android.Spy.277.origin:
- com.true.icaller
- com.appstorenew.topappvn
- com.easyandroid.free.ios6
- com.entertainmentphotoedior.photoeffect
- lockscreenios8.loveslockios.com.myapplication
- com.livewallpaper.christmaswallpaper
- com.entertainment.drumsetpro
- com.entertainment.nocrop.nocropvideo
- com.entertainment.fastandslowmotionvideotool
- com.sticker.wangcats
- com.chuthuphap.xinchu2016
- smartapps.cameraselfie.camerachristmas
- com.ultils.scanwifi
- com.entertainmenttrinhduyet.coccocnhanhnhat
- com.entertainment.malmath.apps.mm
- com.newyear2016.framestickertet
- com.entertainment.audio.crossdjfree
- com.igallery.styleiphone
- com.crazystudio.mms7.imessager
- smartapps.music.nhactet
- com.styleios.phonebookios9
- com.battery.repairbattery
- com.golauncher.ip
- com.photo.entertainment.blurphotoeffect.photoeffect
- com.irec.recoder
- com.Jewel.pro2016
- com.tones.ip.ring
- com.entertainment.phone.speedbooster
- com.noelphoto.stickerchristmas2016
- smartapps.smstet.tinnhantet2016
- com.styleios9.lockscreenchristmas2016
- com.stickerphoto.catwangs
- com.ultils.frontcamera
- com.phaotet.phaono2
- com.video.videoplayer
- com.entertainment.mypianophone.pianomagic
- com.entertainment.vhscamcorder
- com.o2yc.xmas
- smartapps.musictet.nhacxuan
- com.inote.iphones6
- christmas.dhbkhn.smartapps.christmas
- com.bobby.carrothd
- com.entertainment.camera.fisheyepro
- com.entertainment.simplemind
- com.icall.phonebook.io
- com.entertainment.photo.photoeditoreffect
- com.editphoto.makecdcover
- com.tv.ontivivideo
- smartapps.giaixam.gieoquedaunam
- com.ultils.frontcamera
- com.applock.lockscreenos9v4
- com.beauty.camera.os
- com.igallery.iphotos
- com.calculator.dailycalories
- com.os7.launcher.theme
- com.trong.duoihinhbatchu.chucmungnammoi
- com.apppro.phonebookios9
- com.icamera.phone6s.os
- com.entertainment.video.reversevideo
- com.entertainment.photoeditor.photoeffect
- com.appvv.meme
- com.newyear.haitetnew
- com.classic.redballhd
- com.entertainmentmusic.musicplayer.styleiphoneios
- com.camera.ios8.style
- com.countdown.countdownnewyear2016
- com.photographic.iphonecamera
- com.contactstyle.phonebookstyleofios9
- com.entertainment.blurphotobackground.photoeffect.cameraeditor.photoeffect
- com.color.christmas.xmas
- com.bottle.picinpiccamera
- com.entertainment.videocollagemaker
- com.wallpaper.wallpaperxmasandnewyear2016
- com.ultils.lockapp.smslock
- com.apppro.phonebookios9
- com.entertainment.myguitar.guitarpro
- com.sticker.stickerframetet2016
- com.bd.android.kmlauncher
- com.entertainment.batterysaver.batterydoctor
- com.trong.jumpy.gamehaynhatquadat
- com.entertainmentphotocollageeditor
- smartapps.smsgiangsinh.christmas2016
- smartapps.musicchristmas.christmasmusichot
- com.golauncher.ip
- com.applock.lockscreenos9v4
- com.imessenger.ios
- com.livewall.paper.xmas
- com.main.windows.wlauncher.os.wp
- com.entertainmentlaunchpad.launchpadultimate
- com.fsoft.matchespuzzle
- com.entertainment.photodat.image.imageblur
- com.videoeditor.instashot
- com.entertainment.hi.controls
- com.icontrol.style.os
- smartapps.zing.video.hot
- com.photo.entertainment.photoblur.forinstasquare
- com.entertainment.livewallpaperchristmas
- com.entertainment.tivionline
- com.iphoto.os
- com.tool.batterychecker
- com.photo.multiphotoblur
- smartapps.nhactet.nhacdjtet
- com.runliketroll.troll
- com.jinx.metalslug.contra