Community Leader
Jasper_The_Rasper
Posts: 1,093
Registered: ‎06-12-2013

Android adware that MUST NOT BE NAMED threatens MILLIONS

A popular mobile ad library used by multiple Android apps poses a severe malware threat, researchers at infosec firm FireEye have warned. The security researchers said that altogether 200 million affected apps had been downloaded.

This ad library aggressively collects sensitive data and is able to perform dangerous operations such as calling home to a command-and-control server before downloading and running secondary components on demand.

 

Mobile ad libraries are third-party software included by host apps in order to display ads. Because this library could potentially be used to conduct large-scale attacks on millions of users, FireEye refers to it anonymously by the code name “Vulna” rather than revealing its true identity.

An analysis of the most popular apps (those with over one million downloads) on Google Play reveals that 1.8 per cent of them used "Vulna". The potentially affected apps have been downloaded more than 200 million times in total.

 

Full Article

Community Leader

YegorP
Posts: 684
Topics: 237
Kudos: 610
Registered: ‎02-15-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

Thanks for posting this! It's a very interesting story and our threat researchers are currently investigating the threat.

--Yegor P--
Social Media Content Coordinator

DavidP1970
Posts: 3,229
Kudos: 1,651
Registered: ‎10-28-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS


YegorP wrote:

Thanks for posting this! It's a very interesting story and our threat researchers are currently investigating the threat.


Yegor, 

 

I am pretty sure my phone is clean of that library, but please do let us know what the Threat Researchers find out about it, as well as how to tell if your phone has it on it for those of us who have a device too old to run the current Webroot Mobile!



      




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"
WSA-Complete (Beta Tester), Toshiba Satellite L305, Intel Pentium Dual CPU at 1.87 GHz, 3 GB RAM With Windows 7 (x86) (Yes it's old.. but it still usually works! : )
pegas
Posts: 1,677
Topics: 71
Kudos: 756
Ideas: 17
Registered: ‎02-23-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

A frightening thing!

I have a few applications on my Android device which display ads, so I am very eager to know whether the installed WSA Complete protects my phone and how to verify that the phone isn't plagued by this adware.

 

Yegor, please keep us informed!

 

Thanks!

Sr. Expert Advisor

pegas
Posts: 1,677
Topics: 71
Kudos: 756
Ideas: 17
Registered: ‎02-23-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

@YegorP sorry to catch you up but do you have any information from researchers? We should know where we are.

Sr. Expert Advisor

MikeR
Posts: 1,632
Topics: 138
Kudos: 748
Registered: ‎02-15-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS


Many security vendors have been marking ad providers as adware/malware for exhibiting similar behaviors. We already protect against many different ad libraries capable of the exact same behaviors described by FireEye.

 

Both Google and the developer of the software have been notified about the threat.

 

Webroot identifies malicious behaviors and marks apps accordingly. In this case, FireEye already claims to have addressed the issue directly with Google themselves.

pegas
Posts: 1,677
Topics: 71
Kudos: 756
Ideas: 17
Registered: ‎02-23-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

OK, thanks Mike for the explanation.

 

Does it mean that even if I have a few free Android applications installed which show ads they are harmless in fact because otherwise WSA would catch them as bad?

Sr. Expert Advisor

MikeR
Posts: 1,632
Topics: 138
Kudos: 748
Registered: ‎02-15-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

We wouldn't allow you to install apps with malicious ads and we notify Google if we find any. 

 

Hypothetically, if you were to click on a malicious ad in an app like a browser, the Execution Shield would come into play and keep you protected.

pegas
Posts: 1,677
Topics: 71
Kudos: 756
Ideas: 17
Registered: ‎02-23-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

OK, I am not afraid of new installations.

 

My concern is with already installed applications which are NOT browsers. For instance, Clean Master (a very reputable Android cleaner, more than 10,000,000 downloads) that shows ads. How will WSA recognize that streamed ads are safe?

Sr. Expert Advisor

MikeR
Posts: 1,632
Topics: 138
Kudos: 748
Registered: ‎02-15-2012

Re: Android adware that MUST NOT BE NAMED threatens MILLIONS

They are determined 'good' or 'bad' by their behavior. 

 

If their behavior is malicious, we work with Google to remove them.
