Android Trojan Practices Click Fraud

Published: 22/11/2024   Category: security




HongTouTou malware, hidden in repackaged -- typically, pirated -- applications, first surfaced on third-party online software markets in China.



A new Android Trojan has surfaced in third-party software marketplaces. Dubbed HongTouTou (aka the ADRD Trojan), the malware requests additional permissions from the device user, and appears to surreptitiously search the device for information, as well as click on specific search results.
According to a blog post from Tim Strazzere, a security engineer at smartphone security firm Lookout, which discovered the malware, his company identified 14 separate instances of the HongTouTou Trojan repackaged in Android apps including RoboDefense (a well-known game) and a variety of wallpaper apps.
When an application that includes the HongTouTou Trojan starts up, it dispatches encrypted data to a remote host, which returns a list of search terms. HongTouTou then emulates the search process using these keywords to create searches in the search engine, crawls the top search results for those keywords, and emulates clicks on specific results, said Strazzere. The goal appears simple: to commit click fraud, albeit at the expense of the device owner's data plan.
The malware also has the ability to execute an Android package file (APK), although it doesn't appear to be doing this, at least so far. The APK appears to have the ability to monitor SMS conversations and insert content related to specific keywords -- potentially spam -- into the SMS conversation, said Strazzere.
HongTouTou is reminiscent of the Geinimi attack code that recently surfaced. While that malware was first seen bundled with applications available on Chinese app markets, it's since spread to U.S. and European app markets.
When it comes to smartphone applications that may have questionable behavior, 11% of Apple App Store apps can access contacts, and 34% can access location, according to new research from Lookout. Compare that to Android Market, for which only 7.5% of apps can access contacts, and 28% location. For both markets these percentages have decreased slightly over the last 6 months, which may be driven by an increased level of developer sophistication and a heightened awareness of privacy concerns amongst both users and developers, said Lookout.
But whereas Apple takes a walled garden approach to iOS application security by vetting all applications, Google allows Android devices to work not only with the official application store, Android Market, but also any number of third-party app stores.
Unfortunately, third-party markets pose security risks. For example, Lookout examined two markets that target Chinese customers, and found that 11% of the applications they contained were repackaged -- and thus, likely pirated. Of these applications, nearly 25% had been altered to request more permissions than the original application.
Such alterations often involve fraud -- retooling advertising links to benefit the pirate, not the developer -- or including malware in the application, such as fraud click software, keystroke loggers, or premium-rate telephone dialing software.
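A defender's check for the permission drift described above, as an added example that is not from the article or from Lookout: it compares the permissions requested by a known-good app with those requested by a candidate copy. It assumes both manifests have already been decoded from the APK's binary XML to text; the sample manifests, the package name and the `SENSITIVE` triage list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample manifests (already decoded to text XML); not from a real sample.
ORIGINAL = f"""<manifest {NS_DECL} package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
REPACKAGED = f"""<manifest {NS_DECL} package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""

# Assumed triage list: permissions that deserve review when only the copy asks for them.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

def parse_manifest(manifest_xml):
    """Return (package name, set of requested permission names)."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest document")
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name:
                perms.add(name)
    return root.get("package"), perms

def permission_drift(original_xml, candidate_xml):
    """Compare a candidate APK's manifest with the known-good original."""
    pkg_a, base = parse_manifest(original_xml)
    pkg_b, cand = parse_manifest(candidate_xml)
    added = cand - base
    return {
        "same_package": pkg_a == pkg_b,
        "added": sorted(added),
        "removed": sorted(base - cand),
        "sensitive_added": sorted(added & SENSITIVE),
    }

if __name__ == "__main__":
    print(permission_drift(ORIGINAL, REPACKAGED))
```

A non-empty `sensitive_added` list for a copy that claims the same package name is a reason to compare signing certificates and code before trusting the copy.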
Unfortunately, Chinese consumers who want their Angry Birds fix have little choice but to use third-party app stores as authorities have been blocking access to Android Market.
"The Android Market is blocked for Chinese customers," said a Lookout spokesperson via email. "We haven't heard or seen anything otherwise."
