The mobile card game DURAK has exposed the problem of Android malware, which affects millions of Google users around the world. Inadequate vetting of applications before publication on Google Play has hurt both the users themselves and the reputation of the official application store.
One of the users reported the game's suspicious behavior online to the antivirus company Avast. Network security researcher Philip Chitra at first did not attach much importance to the post, but in the course of the investigation it became clear that the malware described had infected one of the most popular apps in the Google Play store.
According to the store itself, DURAK was installed by 5 to 10 million users. Two other popular applications are an IQ test and Russian History. Avast has now passed information about the infected applications to Google, and they have been removed from Google Play, but the user who reported the malware on the forum mentions a number of other applications, all infected with the same virus.
The malicious code works by showing the user a notification window with a false warning each time the smartphone's screen is unlocked. The messages may claim that the device is infected, that it is out of date, or that the phone is filled with large amounts of porn. The user is then prompted to take an action (tap a button or link) to solve the problem, after which the browser opens a page through which other malware is installed on the phone; that malware sends premium SMS messages or collects available personal information about the user.
The malware works in a rather cunning way: after installation, it shows no activity until the device is restarted or several days have passed (sometimes up to 30 days). When the smartphone starts to behave strangely, the user cannot identify which application is the cause.
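The unlock-triggered warning and the dormancy until reboot described above suggest a simple static check of an app's decoded manifest. This is an added example, not code from the article or from Avast. It assumes the app hooks Android's `USER_PRESENT` and `BOOT_COMPLETED` broadcasts and draws its window with `SYSTEM_ALERT_WINDOW`; the article does not name the mechanism, and the manifest and the `triage_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
UNLOCK = "android.intent.action.USER_PRESENT"       # sent when the user unlocks the screen
BOOT = "android.intent.action.BOOT_COMPLETED"       # sent after the device restarts
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # lets an app draw over other apps

# Constructed sample: decoded manifest of a hypothetical card game (assumption).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cardgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".GameActivity"/>
    <receiver android:name=".ads.WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return (findings, receivers) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    receivers = {}
    for rec in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in rec.iter("action")}
        hits = sorted(actions & {UNLOCK, BOOT})
        if hits:  # keep only receivers tied to unlock or reboot events
            receivers[rec.get(ANDROID_NS + "name")] = hits
    seen = {a for hits in receivers.values() for a in hits}
    findings = []
    if UNLOCK in seen:
        findings.append("runs code on every screen unlock")
    if BOOT in seen:
        findings.append("starts itself after a reboot")
    if UNLOCK in seen and OVERLAY in perms:
        findings.append("can draw a window over the unlocked screen")
    return findings, receivers

if __name__ == "__main__":
    findings, receivers = triage_manifest(SAMPLE_MANIFEST)
    for name, actions in receivers.items():
        print(name, "->", ", ".join(actions))
    for finding in findings:
        print("review:", finding)
```

A hit is a reason to review the app by hand, not a verdict: legitimate apps also register for these broadcasts, and a receiver registered at runtime does not appear in the manifest.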
Interestingly, some of the links in the false messages lead to legitimate software. For example, one of the targets was the antivirus company Qihoo 360. It is unlikely that a vendor would want to promote its product this way; however, an advertiser cannot always trace the source of its application installs and check its quality, because traffic in this market is sold and resold by suppliers who are not always scrupulous, in rather wild ways. The affected company is conducting an investigation into the matter.
Victor Chebyshev, an antivirus expert at Kaspersky Lab, is sure that in the case of the game DURAK one can speak of a “Russian” trail, since one of the domains associated with displaying the advertising (ad1.mads.bz) was registered to a certain Nadezhda Ivanova.
“Moreover, based on the data that we get from the Kaspersky Security Network, the majority of attacks fall precisely on Russian users,” said the expert, adding: “In the first week of observations, we recorded more than 10 thousand attempts to infect our users. That’s quite a lot.”
The problem of fraudulent applications in Google Play (so-called “fraud”) is not new. The fact is that, unlike Apple, Google does not carefully verify each application before publication. In addition, software can be installed on an Android smartphone without the Google Play store, simply by downloading and running a container file. Devices running iOS can receive applications only from the App Store. Security was sacrificed in favor of faster growth in publications and in the number of applications on Google Play, in order to compete with Apple.
The task was accomplished: there are more applications in Google Play, but now there is a price to pay for it, and this is the first time the problem has reached such proportions.
The first to suffer from fraud were developers of mobile applications for Android and Google itself, since malware on users' smartphones has long been used for click fraud against advertising budgets in the contextual advertising networks AdWords and AdMob. The latter suffered from fraud especially badly. Google prefers to stay silent about complaints from small advertisers and developers.
The reputation of Google and the Android platform also suffers, because users do not want to take care of their own safety, do not install anti-virus software and believe every message on their smartphone. The phone is increasingly being used not only for authorization in various web services, but also to confirm financial transactions via SMS.
The most sophisticated viruses can not only intercept SMS messages from the bank, hiding them from the smartphone's owner, but also make payments to cybercriminals' accounts through mobile banking applications. Of course, such viruses do not spread en masse, but the existence of infected apps as widely installed as DURAK always means an open “back door” on the device of a victim potentially interesting to criminals.
The situation with DURAK is likely to get a lot of publicity, and one would like to believe that Google will now have to take serious action to change the situation.
ESET Russia believes that malicious applications in Google Play are a well-known problem, and that the number of fake and/or malicious applications on Google Play will only grow.
“The Android platform in general is a ‘success’ with attackers: up to 99% of known mobile malware currently targets it. In particular, last year the rogue antivirus Virus Shield appeared on Google Play. It sold for $3.99, in a week becoming the sales leader among new products and third in the list of the best paid apps. Yet this antivirus provides no protection at all: the only thing in the application that changes is the icon when it is clicked. More than 10 thousand users paid $40 thousand for the fake in a week.
The main problem is that Google Play does not check new applications thoroughly. The site's specialists only detect malicious activity.
If an application does not show such activity, or its malicious functionality is well disguised, the software has every chance of becoming publicly available.
The problem is partly solved by antivirus products that really protect against virus threats and make it possible to check and control applications for security. On the other hand, even the most technically advanced software does not rule out the influence of the human factor,” ESET Russia told Gazeta.ru.
According to Kaspersky Lab antivirus expert Denis Legeza, most mobile antivirus products use their own cloud reputation databases of files and URLs.
“Thus, the first thing to be blocked is the download site of the authors of the software that warns about vulnerabilities allegedly found on the device. Instead, the user will see a message from the antivirus that the browser is trying to open an unsafe page. If for some reason the URL is not marked as dangerous in the security vendor's reputation database, the subsequent download of the malicious file from the link can be stopped immediately,” the Kaspersky Lab expert told Gazeta.ru.