Android malware spreads via Facebook app

Android recently implemented a new program, called Bouncer to help keep malware off the Market, but it seems that there are some scammers who have found a way around the program, nevertheless. Security firm, Sophos have reported that there is malware going around via the Facebook application. Vanja Svajcer of Sophos reported that he got a Facebook friend request and he used his Android device to check the requester out before accepting the request. A link on the requester's Facebook profile redirected Svajcer's browser to a webpage automatically downloading malware to his Android phone. The malware package was called any_name.apk and it looks like it was designed to earn money for scammers through premium rate phone services. Watch the video below to see how the application got on to the Android device. 




Svajcer says that the malware caused extra concern because it was using a class name, com.opera.install, which made it look like it was associated with a legitimate Opera browser app. He says, "An encrypted configuration file inside the package includes the dialling codes for all supported countries (for instance, the UK is in there) and the premium rate number and text of the SMS message which it intends to send." The application makes an appearance to let you know what it plans to do when you run it, but in reality, it installs itself without your permission. When Svajcer visited the same link a few days later on his Android smartphone again, he was taken to another website, which downloaded a different application, allnew.apk. The new application performed the same function as the original malware, but was coded differently. Sophos says that they've detected the application as Andr/Opfake-C.


This kind of malware is similar to clickjacking, which takes place very often on Facebook. Users are usually shown a link that is malicious and provocative in nature and when they click on it, they are made to go through surveys, which ask them for very personal information before they are told they can see the video. Sometimes, the end result is a sale of very expensive premium telephone plans. However, even after they've filled out the surveys, the promise of viewing the video is never met. It's also called clickjacking, because when users click "Like" on the first bait page, their friends see that activity and are in a position to fall victim to the same trap.


Published Date: Feb 25, 2012 03:55 pm | Updated Date: Feb 25, 2012 03:55 pm