Mobile Malware Hosted on German Server Shows Diversity of Fraud


The ecology of mobile malware is beginning to take root and grow into a real wilderness as malicious software authors continue to penetrate the market. Fortunately, we have numerous vendors working to protect people’s phones. Recently, many antivirus and mobile security vendors discovered an interesting mix of malware being hosted on an undisclosed server in Germany. TrendLabs Malware Blog surveyed the malware discovered to look at what the authors were using against Internet mobile users.

We found a total of 1,351 websites hosted on the said server and categorize the sites into five segments based on the type of guise they use for the distributed malware:

  • Android Market apps
  • Opera Mini/ Phone Optimizer apps
  • Pornographic apps (sites were unavailable during time of checking)
  • App storage sites
  • Others (sites that were inaccessible during time of checking)

As for the unavailable sites, it seems that the attacker is still setting them up, or has permanently taken them down. The domains listed under App storage sites, which hosts Apps featured in the other domains, are inaccessible. However, the hosted Apps were still up thus making them available for download through the Android Market App and the Opera Mini/Photo Optimizer App sites.

The malware hosts revealed a surprising tactic of directing efforts in a shotgun approach towards multiple platforms. While Android has been seeing a giant increase in being targeted by viruses and malware, iOS and Symbian have also found themselves dead in the sights of malicious software.

Many of the apps act to pretend to be normal apps such as WhatsApp, Facebook Messenger, Barcode Scanner, Skype, Google Maps, Gmail, YouTube, and many others. Antivirus apps designed to protect mobile phones trigger on these malicious pretend apps as ANDROIDOS_FAKENOTIFY.A—a sneaky little Android Trojan that displays translated Russian text and sends messages to premium-rate numbers that costs the owner of the phone a great deal of money.

Mobile security is becoming a big trend (as it has been for the past year) and aside from Trendmicro, Norton Symantec is getting into the game by releasing a new security app. The middle of last year we saw an increase in the use of social engineering and fraudulent malware apps appearing on Android so it’s a good time to brush-up on your own security and know what you can do.

Most mobile security is all about only downloading apps from vendors that you already trust. Sticking to the market on your phone and verifying the source of downloaded apps before installing or authorizing them to use your phone. Also, a mobile security solution could be right for you if your lifestyle or job causes you do download risky apps on a regular basis.

Anyone can fall foul of many of these tricky apps; but fortunately the mobile security ecology is growing alongside the hackers and the Red Queen Race is on.

Much of mobile security is about paying attention and being prepared. This is the same for much of all online security.