Android scareware delivered via spoofed email notices
Posted on 11.09.2013
A spam campaign targeting Android and PC users simultaneously has recently been spotted by FireEye researchers.

The attack starts with spoofed emails made to look like a wedding invitation or a "failed delivery" USPS notification.

If the user checks out the email via a PC and follows any of the offered links, he is served with a malicious zip file called Once run, it installs a variant of the Kuluoz downloader Trojan.

If, on the other hand, an Android user clicks on the link, he will be served the LabelReader.apk file, which contains the Mobile Defender Android scareware - tested and described earlier this year by Sophos' Paul Ducklin.

The fake AV solution tries to make the victim believe that his phone is infected with a host of malware, and offers to clean it up if the user is willing to pay for a full version.

"In addition to displaying fake messages of infection, the APK also has the functionality to intercept incoming and outgoing phone calls as well as messages," says FireEye's Vinay Pidathala, and adds that it can also end incoming calls.

Users who have not enabled the "Allow installation of apps from Unknown Sources" setting on their Android devices (it comes disabled by default) are safe from these types of attacks and need to worry only about malicious apps offered on Google Play.

Those who have enabled it might want to consider using a legitimate Android AV solution, because attacks like this are bound to continue for some time. Or, they could always revert the setting to the safer mode.

