Zero Day

Ryan Naraine and Dancho Danchev

Bogus Android apps lead to malware

February 17, 2011, 3:47am PST

Summary: Security researchers have detected a new trojan horse targeting Android users.

Using bogus Android apps, HongTouTou (also known as the ADRD trojan) spreads through Android app marketplaces and forums. The campaign is localized to Chinese: it attempts to trick only Chinese-speaking users.

Upon execution, the malware requests additional capabilities and sends the device's IMEI and IMSI to a remote host.

More info:

HongTouTou is included in repackaged apps made available through a variety of alternative app markets and forums targeting Chinese-speaking users. To date Lookout security researchers have identified fourteen separate instances of the HongTouTou Trojan repackaged in Android apps including RoboDefense (a well-known game) and a variety of wallpaper apps.
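The post describes a trojan that rides inside repackaged copies of legitimate apps and requests capabilities the original never needed (reading IMEI/IMSI, talking to a remote host). One defender-side check is to diff the permissions of a suspect build against the known-good original. The example below is added here and is not code from the post or from Lookout; it assumes both manifests have already been decoded to plain XML, and the watch-list of permissions and their explanations are an assumption for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions a repackaged app would need for the behaviour the post describes.
# The list and the reason strings are an assumption for this example.
WATCHLIST = {
    "android.permission.READ_PHONE_STATE": "can read IMEI/IMSI via TelephonyManager",
    "android.permission.INTERNET": "can send data to a remote host",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can restart itself after reboot",
}


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    # ElementTree exposes namespaced attributes as "{namespace}name".
    return {el.attrib.get(f"{{{ANDROID_NS}}}name", "") for el in root.iter("uses-permission")}


def extra_permissions(original_xml: str, suspect_xml: str) -> dict:
    """Permissions the suspect build requests that the original did not,
    each mapped to the watch-list reason (or a note that it is not listed)."""
    added = requested_permissions(suspect_xml) - requested_permissions(original_xml)
    return {p: WATCHLIST.get(p, "not on watch-list") for p in sorted(added)}


# Constructed sample manifests: a wallpaper app and a repackaged copy of it.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

REPACKAGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

if __name__ == "__main__":
    for perm, why in extra_permissions(ORIGINAL, REPACKAGED).items():
        print(f"added: {perm}  ({why})")
```

The same comparison works against a list of many repackaged candidates; any build that gains READ_PHONE_STATE plus INTERNET over its original deserves a closer look before it is trusted.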

What do you think is the biggest problem from a security perspective when it comes to mobile malware? The flawed, efficiency-driven Symbian OS model? New trust chains relying on an already authenticated user base? Or plain, simple social engineering attacks?


Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He has been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.

Talkback (most recent of 111 Talkbacks)

  • RE: Bogus Android apps lead to malware
    If you are downloading pirated apps from the Chinese market (not the Android Market, mind you), you enable installing applications from non-market locations, you don't check what permissions that application is asking for, and you allow it to access your text messages through permission requests, then you deserve what you get. Again, virus-on-Android threats are overblown. I guess Lookout is trying to stay relevant.
    tatiGmail
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @tatiGmail I don't think they are overblown to the average user who gets stuck with one. People just want their phones to work and work safely. Unfortunately, Android has proven itself incapable of living up to those expectations.
    Tiggster
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @Tiggster

    Android is incapable because people download pirated software. Last I remember, the iPhone also had issues with malware on jailbroken phones.

    http://www.iphonefaq.org/archives/iphone-malware

    Try again, my friend.
    RoboRobp
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @RoboRobp You can't blame Apple for somebody violating their license agreement and modifying their device. Android allows for alternative marketplaces and everything else under the sun which opens their users up to harmful code. It is insecure and shouldn't be used in enterprise environments.
    Tiggster
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @Tiggster

    So you can't blame Apple for users loading side applications and software but you can blame Android. Perfect reasoning in my book. I blame users for not taking the correct precautions on either operating system. My point being this can happen to anyone on any operating system if you are not educating yourself.

    P.S. You cannot install apps from outside the Market without first changing your setting in Android to "Allow Unknown Sources", and upon checking that you get a huge warning about how this makes your phone more vulnerable to attacks by applications and that it is your responsibility to know what you are installing. I don't think it can get any more straightforward than that.
    RoboRobp
    17th Feb 2011
  • @RoboCop
    Android has had multiple cases of this in the Market Place. To the point of Google doing remote kills of apps.
    Bruizer
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @Bruizer

    As noted below, the apps you had in question were not actually malware.
    RoboRobp
    17th Feb 2011
  • @ RoboRobp
    As noted below, for the one of the five (that I know of) that you pointed to, that is true. For the others it is not.
    Bruizer
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @bruizer

    As I just noted, please show qualified references.
    RoboRobp
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @RoboRobp
    You can't sideload apps on iPhone unless you JB it or the app is ad hoc distribution. If it is JBed, then the user must know the consequences. If it is ad hoc distribution, then you are part of the team. Like you said, on Android, under settings, there is a checkmark to install apps that are from unknown sources. If you say yes to it, you can install apps from non-Market sources also, which is not possible on iPhone. Also, it is possible to install a cooked ROM on Android and that may already have malware; on iPhone, nada.
    Rama.NET
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @Rama.net

    Yes, a setting that warns you of the consequences of what you are doing. Therefore, if you select this, you now know the consequences, just like a JBed iPhone user would. The average user does not need to enable this and has no need to get their apps from anywhere other than the Market. Ignorance on the part of the user does not make an OS problematic.

    Also, if the user is rooting and installing a ROM on their phone, they should be tech-savvy enough to know the consequences of what they are installing.
    RoboRobp
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @RoboRobp That's not entirely accurate - the Ikee worm / rickrolling was due to people who jailbroke their iOS devices, enabled SSH, AND did not change the default password.
    Pete "athynz" Athens
    17th Feb 2011
  • RE: Bogus Android apps lead to malware
    @athynz

    What part is not entirely accurate? Was there malware from a 3rd-party market on the iPhone? Yes. That is what this article is about with Android.
    RoboRobp
    17th Feb 2011
  • CrApple's App Store has far greater problems for Developers and Users!
    @Tiggster On several occasions the CrApple App Store and iTunes have had far greater abuse of its market and iOS platform than any other mobile platform in history. Talk about bogus Apps.... how about Apps that buy a certain developer's other apps? That was happening in huge numbers last 4th of July. Bogus Apps made in India, Viet Nam and China were charging repeat high-dollar purchases on iCrAppleholics' iTunes accounts for numerous games and Apps. So they don't have to be so-called Trojans operating outside Google's Android Market. With CrApple iTunes they have true Trojan Apps inside their own store. CrApple's devices don't have to be jailbroken to be taken advantage of!

    The same thing happened to AOL Hell and Compuserve. Where they abused their own "Garden Walled In" customers for their own gains. That's why neither Garden Walled Network exists today. When these customers finally realized that they were being more abused by these Garden Walled systems, they revolted and a mass exodus from them buried these Garden Walled Dumb Terminal Networks! .....CrApple's Greed for power and wealth will kill them too!!!

    http://www.appleinsider.com/articles/10/07/04/itunes_app_store_hit_by_developer_and_account_fraud.html

    http://www.hovied.com/technology/2010/itunes-accounts-and-app-store-hacked-fraudulent-purchases-made-04076403.html

    There were in fact 1000's not 100's affected as CrApple struggled to regain control. Paypal and Credit Card Account information was compromised and hell reigned supreme over many iCrAppleholics!!!

    Has it somehow ended? No!!! ....even now there are bogus developers still being allowed to sell Apps stolen and copied from legitimate developers. What does CrApple do? Nothing..... don't even bother to ban these bogus developers stealing Apps, just so they can collect double and boast of how many Apps are in their totally compromised iTunes Store!!!
    i2fun@...
    17th Feb 2011
  • @RoboRobp:
    "So you can't blame Apple for users loading side applications and software but you can blame Android."
    Exactly. To get a jailbroken iPhone, the user has to disable certain security protocols; these protocols do not exist on an Android, so the user doesn't have to 'jailbreak' it to install software from other sources.

    "I blame users for not taking the correct precautions on either operating system. My point being this can happen to anyone on any operating system if you are not educating yourself."
    How? When one has to be intentionally disabled and the other doesn't have any protections, how can the user be at fault in both cases?

    "P.S. you cannot install apps from outside the Market without first changing your setting in Android to "Allow Unknown Sources" and upon checking that you get a huge warning about how this makes your phone more vulnerable to attacks by applications and it is your responsibility to know what you are installing."
    First off, many Android users demanded exactly that capability. Such capability does not exist on an iPhone, so it becomes inherently impossible for a non-techie to disable the security, while that same user, quite likely used to similar pop-up windows on their PC, will simply tap 'OK' and continue on. In other words, Android has made it very easy for anyone to 'accidentally' bypass the OS's security, while iOS actively blocks such a simple bypass.

    iOS users' fault? Yes -- he did it to himself.
    Android users' fault? Not necessarily. Just going to an external app source is all it takes.
    vulpine@...
    17th Feb 2011