infonews.co.nz
INDEX
INTERNET

Over 250 apps using malicious codes, 200 on Google Play

Friday 9 November 2012, 10:25AM

By Botica Butler Raudon Partners

282 views

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

http://www.youtube.com/watch?v=gLujaf0Y4-A

Although the code has been publicly documented and used since August, 2010, Symantec has yet to find any instances that use the code for a SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play. Symantec has recorded more than 250 applications that contain code using this technique including 200 that are currently available on Google Play with millions of combined downloads.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a message is never sent or received, instead, the system service in charge of receiving text messages is tricked into thinking a message has arrived—and it will happily store the text message and notify the user of the event. One can specify any arbitrary "from address" for the SMSishing attack and no special permissions are required to insert a spoofed message.

Some of the applications use the code to better integrate text messaging with instant messaging or other online services. The vast majority are using an ad network software development kit (SDK), which pushes ads straight into your SMS inbox. However, the network’s ad servers are down at the time of writing.

Users should be wary of the source of any suspicious incoming text messages while Google modifies Android to prevent spoofing of these text messages. These applications may be identified by Norton Spot and any future malicious usage detected byNorton Mobile Security.

For more information, please proceed to Symantec’s Security Response blog post here.