Monday, March 25, 2013

New Fake Gaming Apps.


   
     A new fake gaming site, hxxp://htc-play[dot]ru, carries premium-SMS-sending apps, and as of this writing not a single anti-virus product has blocked or even noticed it. This brand-new variant of Android malware is simple yet effective. It poses as one of the top 25 paid games on the Android Market, offered for free, then sends three premium SMS texts in the background. All the end user will see is a small repeating animation stating that the game is loading. The game will never load, and it will send those three SMS texts every time the app is restarted.

      The download links below will download the fake games straight from the source. USE CAUTION, as these are unprotected live links to the APK files. I will do my best to monitor this in the future, but be careful, as live links can and do change. Most new malware is polymorphic and adaptive, so a different app may be received each time. Please see my post here on methods to take precaution while downloading malware.




      Each one of these is customized with the game's in-game icons to look like a valid copy of the game being downloaded, and each has only one permission:



       To minimize the chances of getting Android malware, it is best practice to install a security or anti-virus app and only download apps from valid markets, such as Google Play or Amazon.
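
As an added example (not part of the original post and not derived from the samples), here is a static triage check for the pattern described above: an app presented as a game whose manifest requests a single permission. It assumes that permission is `android.permission.SEND_SMS`, which Android requires for sending texts, and that the manifest has already been decoded to text XML; the manifests, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the post does not name the single permission; SEND_SMS is the
# permission Android requires for an app to send text messages.
SEND_SMS = "android.permission.SEND_SMS"

MANIFEST_TEMPLATE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  {perms}
  <application android:label="Example Game">
    <activity android:name=".Loading">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def build_manifest(*perms):
    """Build a constructed, decoded-style manifest (not from a real sample)."""
    tags = "\n  ".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return MANIFEST_TEMPLATE.format(perms=tags)

def requested_permissions(manifest_xml):
    """Return the set of permissions declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml):
    """Classify a manifest as 'high', 'review' or 'none', with a reason."""
    perms = requested_permissions(manifest_xml)
    if perms == {SEND_SMS}:
        return "high", "SMS sending is the only permission requested"
    if SEND_SMS in perms:
        others = ", ".join(sorted(perms - {SEND_SMS}))
        return "review", "requests SMS sending alongside: " + others
    return "none", "no SMS-sending permission requested"

if __name__ == "__main__":
    for perms in [(SEND_SMS,), (SEND_SMS, "android.permission.INTERNET"),
                  ("android.permission.INTERNET", "android.permission.WAKE_LOCK")]:
        print(perms, "->", triage(build_manifest(*perms)))
```

A "high" result is a prompt for manual review of an app claiming to be a game, not a verdict, since legitimate messaging tools also request this permission.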

Stay safe out there
-R`/4N

Monday, March 11, 2013

Fake Job Offer

    A post from McAfee (http://blogs.mcafee.com/mcafee-labs/android-malware-goes-bollywood) about fake job offers on Android devices got my attention. The article was short, sweet and to the point but it lacked a few points about scams like this.  Scams like this have been around forever and they always involve asking you to send a little money for something of greater value.

    This one is no different, and after doing a quick Google search I found that this version has been in inboxes since 2010. Take a look here at some complaints dating back three years. As mobile becomes the more popular way to communicate, so will these types of scams. Just like the survey scams posted about here a few months ago, if current trends continue these types of phone scams will become more complex and real-looking.

    Here is a link to the paper this scam goes to after the button that pops up is clicked when the Android device is restarted. Take precautions though, this is an uncensored link that could change to something more nefarious over time.

hxxp://ge{dot}tt/api/1/files/4TcQx7Z/0/blob/x675


For more information on this threat, please visit its Virus Total report; samples can be downloaded from this Contagio Mobile post.

Stay safe out there
-R`/4N