Android malware spreads via Facebook app

Summary: Facebook app used to circumvent Google's 'Bouncer' Android Market scanner.

TOPICS: Mobile OS, Apple

Updated 2/27/12: It seems it didn't take the bad guys long to find a way around Google's 'Bouncer' security scanner for the Android Market. Rather than uploading malware to the Android Market, security firm Sophos has discovered new malware that spreads via the Facebook app.

Security researcher Vanja Svajcer explains how it works:

A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become "friends" or not.

As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.

The malware package is called any_name.apk and is yet another dialer that calls premium rate numbers without the handset owner's consent. This is a popular trick used by those writing malware for mobile devices because it's an easy way to siphon money from the victim to the bad guys.

Image credit: Sophos

Sophos detect the rogue application as Andr/Opfake-C.

Updated editor's note: Although the download is initiated automatically, a Google spokesperson noted that the malware app will not be installed unless the user initiates that install action.
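
A detection sketch for the delivery path described above, added here as an example and not taken from Sophos or the original article: it flags completed APK downloads to Android browsers from hosts outside an allow-list and rebuilds the referer chain that led there. The log format, host names, addresses and the trusted-host list are constructed assumptions; only the file name any_name.apk comes from the article.

```python
from urllib.parse import urlparse

APK_MIME = "application/vnd.android.package-archive"
# Hosts treated as sanctioned app sources (an assumption; adjust per policy).
TRUSTED_APP_HOSTS = {"market.android.com", "play.google.com"}

# Constructed proxy log, one request per line:
# time | client | url | status | content-type | referer | user-agent
SAMPLE_LOG = """\
2012-02-27T09:14:02Z | 10.0.0.21 | http://m.facebook.com/profile.php?id=1 | 200 | text/html | - | Mozilla/5.0 (Linux; U; Android 2.3.6)
2012-02-27T09:14:09Z | 10.0.0.21 | http://landing.example/view | 200 | text/html | http://m.facebook.com/profile.php?id=1 | Mozilla/5.0 (Linux; U; Android 2.3.6)
2012-02-27T09:14:10Z | 10.0.0.21 | http://files.example/any_name.apk | 200 | application/octet-stream | http://landing.example/view | Mozilla/5.0 (Linux; U; Android 2.3.6)
2012-02-27T09:20:41Z | 10.0.0.35 | http://market.android.com/app.apk | 200 | application/vnd.android.package-archive | - | Mozilla/5.0 (Linux; U; Android 4.0.3)
2012-02-27T09:31:00Z | 10.0.0.40 | http://files.example/tool.apk | 404 | text/html | - | Mozilla/5.0 (Linux; U; Android 2.3.6)
"""

FIELDS = ("time", "client", "url", "status", "ctype", "referer", "ua")

def parse(log):
    """Split each non-empty line into a dict keyed by FIELDS."""
    return [dict(zip(FIELDS, (p.strip() for p in line.split("|"))))
            for line in log.splitlines() if line.strip()]

def is_sideload(rec):
    """True for a completed APK download to an Android client from an untrusted host."""
    url = urlparse(rec["url"])
    looks_apk = rec["ctype"] == APK_MIME or url.path.lower().endswith(".apk")
    return (rec["status"] == "200" and looks_apk and "Android" in rec["ua"]
            and url.hostname not in TRUSTED_APP_HOSTS)

def referer_chain(rec, records):
    """Follow Referer values back through the same client's earlier requests."""
    chain, ref = [rec["url"]], rec["referer"]
    while ref != "-" and ref not in chain:
        chain.append(ref)
        earlier = [r for r in records if r["client"] == rec["client"]
                   and r["url"] == ref and r["time"] <= rec["time"]]
        ref = earlier[-1]["referer"] if earlier else "-"
    return chain[::-1]

def find_sideloads(log):
    """Return (client, [first page, ..., APK URL]) for every flagged download."""
    records = parse(log)
    return [(r["client"], referer_chain(r, records)) for r in records if is_sideload(r)]

if __name__ == "__main__":
    for client, chain in find_sideloads(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The check matches on the `.apk` path as well as the MIME type because the sample delivery is served as `application/octet-stream`, which a MIME-only rule would miss.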


  • OMG

    Internet 101, people! It doesn't matter if it's a smart phone, desktop or any other web connected device... use common sense!

    This is a typical ZDNet dramatization of how "dangerous" Android is. There are several factors that would have to line up for this scenario to play out properly...

    1. The user would have to click on a link from someone they don't know
    2. The user would then have to manually click on the downloaded apk to initiate the install
    3. In order for #2 to happen, the user would have to manually enable apps from unknown sources in the system settings if they hadn't already
    4. Only then would this app be able to do anything

    By the time someone got to step 4, they'd have to be a severely oblivious user to get that far.

    Facebook is not to blame here as the headline suggests... it just happened to be the source of the link that started this bogus nonsense.
    • On top of this...

      Symantec offers a free apk scanner that likely would have caught this package as well.

      Now, Amazon is the cog here: if you want their app store and all of the free apps, you have to enable unknown sources.

      Even still, the fact that the user has to load this and it doesn't really infect Android on its own, tells me this has very little to do with Google or Android.
    • "... use common sense!"

      Which, in this case, would be: avoid Google and Facebook.
      • common sense...

        Or, the even more sensible thing is not to click OK to install something when you had no intention of installing an application.

        After clicking on the user's profile, you get redirected to a site and it begins downloading the app automatically; YOU still need to give the app permission to install. If you were merely going to check someone's profile on Facebook, why would you need to install an app - common sense would say you wouldn't. Click no to the install, and magically the threat has been averted. Amazing!
      • Average users...

        don't know anything about potential malware. They just follow the instructions on their screen so they can view their Facebook/Twitter friends. People have been using Windows for years, and yet the casual users still install malware when they "should know better". Non-tech users really need to stay away from Android or it will end up costing them.
  • Sophos conveniently glossed over a couple points

    This all sounds bad until you look closer. The linked click is a URL shortener that points to a file - which then gets downloaded. But, what happens next is the important part.

    First, let's clarify that the file is downloaded - NOT installed. Until installed, the file does nothing. By default, Android phones are set to not install applications downloaded from anywhere other than the market. So, to install the download, the user would have needed to have previously checked "allow installation of non-market applications".

    Next, to install, the Android system presents you with a list of permissions that the application requires and asks the user if they accept and if it's okay to install.

    So yes, the link does download malware by just clicking the link. But, the malware is not installed and run without user interaction. But, pointing out those pesky little facts doesn't drive clicks to Sophos and ZDNet ... best to imply that just clicking a link is a threat on Android in order to drive page views.
    • I see your point

      However, I want to address this: "So, to install the download, the user would have needed to previously checked 'allow installation of non-market applications'." - how many Android users do indeed have that checked so they can use the Amazon App Market? I for one do as there are days the Free Apps are killer apps...
      • Re..

        It still needs to be granted authorization to install. The question remains that if you had no intention of installing an app, why would you click OK to the installation? If you are unable to realize that this is a blatant hijack, you may need to go back to using a DUMBphone... you should probably also stay away from email, because God knows you'll be sending money to a Nigerian otherwise.
  • If you accept a 'side-load' of any App, 'Go with God'

    This isn't a package from the Android Market Adrian.
    What is with you lately?
    Will you please put forth the effort to research a story fairly?
    Instead, you shoot from the hip.
    Dietrich T. Schmitz *Your
    • Larry Dignan

      Improve the quality of ZDNet:
      Fire AKH
      Hire Me
      Dietrich T. Schmitz *Your
      • Why?

        ZDNet already has SJVN who is a huge Linux Advocate - although you seem to be more open to the fact that even Linux has flaws and that Microsoft and Apple can do some things right...

        I'VE GOT IT! Instead of firing AKH fire SJVN and hire YOU to replace SJVN!
        • Keep SJVN, fire AKH, Hire DTS?

          Yes! That's it Man! Brilliant!
          A Guinness for athynz. :/
          Dietrich T. Schmitz *Your
      • Nah

        You seem more interested in software than hardware. And AKH is supposedly a hardware blogger.
        Michael Alan Goff
  • I just thought of something funny

    This is the Hardware 2.0 blog.
    Michael Alan Goff
  • because android is opensource

    The problem lies with Android being open source: a hacker can understand the underlying code and architecture and do his job easily. In the case of the iPhone, if hackers can't see the code, then how can they hack it?
    That really makes a difference, so Android devices are more vulnerable to security threats. I hope Google looks into this, and probably finds some way to prevent it, as it has a long way to go.

    r tripathi
    • Same reason Android is not allowed in our Corporate Setting

      because of open-source nature of the software, our Global IT leaders will not allow Android phones to be used in our corporate setting.
    • re..

      Has nothing to do with opensource, and everything to do with social engineering. No matter what you do, the user will always be the biggest threat to the security on any given device. This malware cannot do anything without the user's authorization.
  • re: because android is opensource

    Windows is closed-source as is Mac OS X. The malware miscreants have been having their way with Windows for years. And Mac OS X has malware too, though not nearly as much as does Windows. See ZDNet's security blog for the newest Mac OS X trojan.

    The big difference between iOS and Android is that Apple's App Store is closed while Android is, or can be, more open. Malware-laden apps still get placed into Google's Android Market and users can modify Android's default setting, allowing them to install apps from anywhere. And even with Apple's App Store being closed, the iOS app developers have been able to snatch contact information from their users. Isn't an app that steals one's contact information without permission malware?

    Oh, and social engineering is OS independent too.
    Rabid Howler Monkey