Wednesday, November 21, 2012

How bad can live wallpaper be?

So, you're surfing the net with your phone and find a site with some awesome live wallpapers on it. It looks pretty decent and even has a silly name of, so you click one of the wallpapers. I clicked on a Matrix one for this example. Then you blindly click through the permissions without looking because it's just the same standard garbage that all the other apps have. Well, guess what? Your phone is now infected and you will see it on your next phone bill.

While this is an extreme circumstance that you may think would never happen, it actually happens all the time. There are plenty of people who keep downloading and installing stuff like this. Just take a look at this article from the BBC showing how a French hacker amassed a collection of 500,000 euros in a little under a year by defrauding 17 thousand people with Android software exactly like this.

So how do we know that this is a Trojan before we download it? First, it is recommended to only install items from the Google Play store. However, Google has limitations on what they put out, and the "live wallpapers" from an alternate market are very alluring. So the next thing to do would be to get a good Anti-Virus on your phone, like this one here from Symantec, or you can check out this post for other options. This way you can download what you want and still feel safe.

If you don't want AV software, or think that it is not required on your device, then just be very wary of the permissions that you grant to software installed on your phone. I sent this file to the public online mobile-sandbox for analysis, and you can check out the result there. As you can see below, it asks to send SMS. This is a big warning sign that it may be bad.
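One way to run that permission check yourself before installing, as an added example that is not from the original post: it parses the text printed by `aapt dump permissions <file.apk>` (Android SDK build tools) and flags SMS and device-identifier permissions. The sample output, the package name and the `triage` helper are constructed for illustration.

```python
import re

# Permissions worth a second look on an app that claims to be a wallpaper.
# SEND_SMS is the one the sandbox report in this post highlights.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS, which can be billed to you",
    "android.permission.RECEIVE_SMS": "can receive incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.READ_PHONE_STATE": "can read device identifiers",
}

# aapt prints either  uses-permission: android.permission.X
# or (newer builds)   uses-permission: name='android.permission.X'
PERM_RE = re.compile(
    r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M
)

def parse_permissions(aapt_output):
    """Return the sorted, de-duplicated permission names in aapt output."""
    return sorted(set(PERM_RE.findall(aapt_output)))

def triage(aapt_output):
    """Flag risky permissions and give a coarse level for the APK."""
    perms = parse_permissions(aapt_output)
    findings = [(p, RISKY[p]) for p in perms if p in RISKY]
    if any(p == "android.permission.SEND_SMS" for p, _ in findings):
        level = "high"      # a wallpaper has no reason to send SMS
    elif findings:
        level = "review"
    else:
        level = "no-flagged-permissions"
    return {"permissions": perms, "findings": findings, "level": level}

# Constructed sample: what aapt might print for a wallpaper APK like this one.
SAMPLE = """package: com.example.matrixwallpaper
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: android.permission.INTERNET
uses-permission: name='android.permission.SET_WALLPAPER'
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("level:", report["level"])
    for name, why in report["findings"]:
        print(f"  {name}: {why}")
```

A "no-flagged-permissions" result only means none of the listed permissions were requested; it says nothing else about the file.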

So, check out the VirusTotal report and you can see this is a variant of the Trojan Android.Boxer that I have posted about before here. You can find some more research on what Boxer does here or here. Although there are many different variants, the one thing that doesn't change is that it will add a few bucks to your phone bill and steal some of your device's info.

You can download this directly from:
Warning: This is a direct address with no password and will link to the file through a series of redirects.

Stay safe out there