The developers of this particular malicious code module have focused on avoiding detection from antivirus software and security researchers. The apps will only display ads if the install follows a promotional push, in essence a user responding to a click, an invite to install. The app seeks to avoid detection from organic installs, meaning automated systems that find and install the app and then check it for any unwanted threats. This is part of a framework that can flex the numbers of ads delivered over time windows, all based on the behaviours and status of the infected device.

The fraudsters had “several methods to maintain what we call persistence,” Laycock explained. “The other was obfuscation - we’ve seen that before, but it was interesting to us that they were using characters from the Udmurt language.” A Cyrillic character was used within the code execution “to make analysis more difficult.” Udmurt is a local dialect from the Volga region of Russia. Whether this was selected at random for its obscurity or because there are Russian origins to the code has not been disclosed.

Other apps disclosed by White Ops and found to be hiding the same malicious code are listed below. They include a bedtime reminder, a “cute” love test, a lie detector and even a days counter. They’re all free and, according to White Ops, they should all be removed immediately.

As to why Android seems to be plagued by such issues, Laycock puts it down to scale, the use of open source code and side loading from third party stores. More simply, “it’s like the Willie Sutton quote,” he told me. “‘Why do you rob banks? Because that’s where the money is’.”

Both the developer behind the Best Fortune Explorer app and Google were asked for comments before this story was published.