February 25, 2014
Panda Security discovered a new massive attack on Android users. In this case, it is a very elaborate campaign that originates from Facebook, where cybercriminals publish ads promoting different applications. Panda Security has already contacted Facebook to warn of this malicious advertising campaign of the popular social network
When the user browses from his Android mobile through Facebook, he will find different messages on the wall of the social network under the heading of “Suggested publication”, where utilities for WhatsApp are announced such as: friends on WhatsApp? Discover it here! or “Do you want to hide the WhatsApp connection? Download the App now so that people don’t see you ”. If the alleged victim clicks on any of these ads, they are redirected directly to a fake version of Google Play, the Android application store. The user, believing that he is on the original site, will download the application for free, which, in reality, is a Trojan that will subscribe him to a Premium SMS service without his knowledge.
“On this occasion, cybercriminals exploit the options that Facebook offers based on the advertising contracted. In this case, it is only shown to Spanish Facebook visitors who access the social network through their Android mobile browser. We have carried out tests with the same account from PC, iPad, iPhone and Android and advertising is only shown in the case of Google’s operating system, ”said Luis Corrons, PandaLabs Technical Director at Panda Security.
The Trojan monitors all text messages received on the phone, and if the sender is the number of the Premium SMS service, it intercepts and deletes it so that no trace of it remains. However, this technique does not work with the latest version of Android, 4.4 (KitKat), so the authors of the Trojan devised an ingenious tactic to overcome this obstacle: upon receiving the message, the phone’s volume is muted for two seconds and, it is then marked as read in the inbox. The application includes an SMS counter, so when the first message from the Premium SMS service arrives, you can read it to obtain the necessary PIN, registering it on the corresponding confirmation web page to activate the paid message service.
Cybercriminals not only use WhatsApp as a claim, but they use the same mechanics with any theme that may be popular: “Shocking Videos”, “Candy Crush Tricks”, “Angry Birds Tricks”, etc.
[+] Videos de nuestro canal de YouTube