Tuesday, January 22, 2013

Leadbolt Adware in Fraudulent "Cracked" apps.

A good article from GFI Labs shows the danger in downloading Android apps that advertise as being Cracked. Another review by Threatpost gives more information as well. The samples that can be found at getwapi[dot]com is just one of many apps that advertise cracks for paid software. You have to be very careful downloading stuff off alternate markets as  lot of "cracked" software can lead to stuff much more dangerous then just adware.  PJAPPS, which are valid software with malicious code added, can cost money and cause significant data loss.

After searching the site myself for a sample of the "cracked" software, I found that they where hosting apps on 4shared and it looks like they removed all of the fraudulent apps from the above GFI article.

"'MB Notifications for Facebook.apk' is unavailable. This file is no longer available because it's identical to file banned because of claim."

Luckily for me I managed to snag a copy before they where all removed. You can download the copy here. If you take a look at its Virus Total results you can see that it is LeadBolt adware. Leadbot, like most adware programs leaks data and can cause a massive drain on the battery of a device at the same time as hijacking ads and pushing new ads. Getting multiple copies of these apps running at the same time can cause a lot of confusion and be very annoying. Too many copies of this type of advertising and the android device will crash or become corrupt.

 I don't think that we will see the last of apps like this as already a sister site called runamux[dot]net has already been created and is hosting similar apps.  The best way is to not become infected with malware is to refrain from downloading potentially stolen apps from alternate sources. However, if you are going to "play" outside the confines of official markets like Google Play or Amazon, remember to download and protect your device with an antivirus mobile suite. Check out my blog post here for a few ideas or scroll to the bottom of the site for a list of free ones from Amazon.

Stay safe out there