Dubious Android apps may not be malware--just ads
Symantec may have mistakenly labeled more than a dozen Android apps as malware, according to security researchers at Verizon-affiliated ICSA Labs.
It's an easy mistake to make, according to Roger Thompson, an ICSA "emerging threats" researcher who authored a blog post on the subject. Thompson suggested that the apps appear to include a new release of an ad platform that merely resembles malware in certain ways.
Symantec recently raised an alarm over an alleged Trojan it dubbed Android.Counterclank, saying its researchers had discovered 13 apps on the Android Market that had millions of downloads combined were "malware" because they could allow an attacker to remotely control the device. But Google refused to remove the apps from the Android market because they weren't violating terms of service or doing anything customers hadn't given permission for.
Symantec said the alleged Trojan could be found in game and entertainment apps such as "Counter Strike Ground Force," "Deal and Be Millionaire" and "Pretty Woman Lingerie Puzzle." The apps are "a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device," Symantec's Irfan Asrar wrote in a blog post.
Android.Counterclank certainly sounded dangerous. Symantec said the alleged Trojan could request permissions to access network, Wi-Fi and Cell-ID information, as well as install shortcuts, read settings, check the phone's current state, open network connections, read and write access of the browsing history, copy bookmarks and retrieve the MAC address, SIM serial number and other device data.
The apps included disclaimers noting that that they were making money by including a search bar shortcut that could be deleted and adding a search app to browser bookmarks.
Symantec backtrack on its assessment that the apps were malware in a blog post earlier this week, noting that "the code in the Tonclank and Counterclank applications comes from the same vendor. The vendor is a company who distributes a SDK (software development kit) to third parties to help them monetize their applications, primarily through search."
Researchers at mobile security firm Lookout initially acknowledged "some concerns" about the apps' functionality, but added:
[A]t this time, and as far as we can tell, it does not meet the standard to be classified as malware or a 'bot.' Consumers should take these apps very seriously as they appear to tread on privacy lines, but they are not necessarily malicious.
Now ICSA Labs is weighing in on the matter. The testing and certification firm has concluded that the apps in question represent a new release of an ad platform "developed to allow Android developers to monetize their apps... not a Trojan, designed to steal information or turn the victim's device into part of an Android botnet."
It's difficult to determine when a Trojan is a Trojan, ICSA Labs said. If you can't observe malicious behavior, such as recording keystrokes, sending premium text messages or downloading other code without permission, you have to reverse engineer the code to see if the capabilities to do those actions are in there, or you have to rely on anti-virus scanners, which can generate false positives, the firm said.
As ICSA's Thompson wrote:
When you have hundreds of thousands of apps, coming from all over the world, from any one of numerous and unknown developers, it's just plain hard to figure out when something has crossed the line from aggressive advertising to outright maliciousness....
What most people don't realize is that Android apps are just zip files, and it is really easy to unzip, add some Trojan code, re-zip it, and stick it out on a warez site, masquerading as a legitimate copy of the original app....
Android is a wonderful, useful and exciting platform, but it turns out that it's a really good idea to only download your apps from well-known companies.
Source
Tags:
Blog Archive
-
▼
2023
(215)
-
▼
January
(100)
- Mom Crochets Adorable E.T. Costume, Turns Son Into...
- An $80 Multipurpose Air Fryer Oven That Does It Al...
- HP Chromebook X2 Review: Gives Surface Pro, Pixel ...
- The Best Roomba Alternatives To Keep Your Floors C...
- Samsung Galaxy Watch 5 And 5 Pro: How Do They Comp...
- The Best Amazon Cyber Monday Deals You Can Get Rig...
- Motorola Moto Z Play Review: A Battery Beast
- Take Up To $250 Off Unlocked Galaxy S22 Plus Smart...
- 2022 Kia Carnival First Drive Review: A Luxurious ...
- Philips Airfryer Avance Collection Review: The Air...
- Tesla Revives Enhanced Autopilot For $6,000
- Brock Lesnar Just Made Wrestling Real In The Most ...
- Dell XPS 13 (winter 2013) Review: Still Can't Touc...
- EV Tax Credits: Manchin A No On Build Back Better ...
- 5 Predictions For Bitcoin, NFTs And The Future Of ...
- Dolly Parton's New 'Doggy Parton' Pet Products Inc...
- TikTok Is Reportedly Testing 5-minute Videos
- Facebook Hits Pause On Instagram Kids As Concern M...
- Nvidia In Advanced Talks To Buy Chipmaker Arm, Say...
- Ouya Teams With Xiaomi To Bring Video Games To China
- OLED Laptop Screens Are Worth It -- For Some
- IPhone 14 Is Trending Before The IPhone 13 Has Eve...
- Order Your Favorite TikTok Recipes From TikTok Kit...
- Save $47 On Nespresso's Sleek Vertuo Next With Mil...
- Apple Endorses AVIF Photo Format For A Faster Web ...
- 6 Spooky Google Home Tricks (and Treats) To Try To...
- TikTok Is Reportedly Testing 5-minute Videos
- YouTube Feature Looks To Help You Connect Your Pho...
- The Galaxy S21 Lineup Is Here, With A $200 Price C...
- Google's New Wallet App Is Available Globally, Rep...
- Roman Reigns' Heel Turn At Payback Is WWE's Boldes...
- Google Will Now Let You Limit Ads Around Pregnancy...
- Cut Cords And Clean Better With Up To 45% Off Shar...
- More People Need To Watch This Trippy Sci-Fi Gem O...
- Does Your Next Phone Really Need 5G? How To Decide
- Qualcomm Gets OK To Sell 4G Chips To Huawei, Despi...
- Snag A Kindle Kids E-Reader For As Low As $60 Toda...
- Worldwide Smartphone Shipments Tick Up, Driven Mos...
- Stop Pouring Vinegar Into Your Dishwasher. Here's Why
- 'She-Hulk' Episode 2 Drops Intriguing X-Men Reference
- Studio Ghibli's Movies Ranked To Celebrate Totoro ...
- Celebrate Joann's Anniversary With Up To 60% Off D...
- Best MacBook Pro Alternatives For 2022
- Xiaomi Shares Fall Nearly 6% On IPO
- Qualcomm, Amazon Boost Intel Plan To Leapfrog Chip...
- Snapchat Will Let You Change Your Username Soon
- Twitter Has Finally Announced An Edit Feature
- 'Hug Me' On TikTok: What To Know About The Popular...
- Being A First-Time Homebuyer Can Be Stressful. Her...
- World's Oldest Living Dog Is A Toy Fox Terrier Tha...
- It's 2022, And I'm Still Losing My Apple TV Remote
- Apple's M2 Chip Gives New MacBook Air A Speed Boost
- When Is Amazon Prime Day 2022?
- The Coolest Smartphones Are Hard To Find In The US...
- Faraday Future Only Has 401 Preorders For Its Firs...
- Pokemon Go Xurkitree Raid Guide: Best Counters And...
- WWE 2K20 Is Being Eviscerated By Fans For Its Insa...
- Tesla Recalls Over 54,000 Models Over FSD Update T...
- Scream Trailer: Neve Campbell, Courteney Cox Face ...
- Save Up To $250 On Apple's Powerful 14-Inch MacBoo...
- Behind The 'Flame' Malware Spying On Mideast Compu...
- What Is An Escrow Account And How Does It Work?
- Big Screen Bargain: This 17-Inch Gaming Laptop Is ...
- $500 Moto G Stylus 5G And $400 Moto G 5G Get 50MP ...
- Samsung Slashes Galaxy Z Flip 5G Price By $250 To ...
- IPhone 14, Pixel 7 And Galaxy S23: These Upcoming ...
- Google Maps Adds Toll Road Price Estimates And Bet...
- Oppo PM-3 Review: Groundbreaking $400 Planar Magne...
- Uber Announces Fuel Surcharge As Gas Prices Soar
- Ransomware Cost US Schools $3.56 Billion In 2021, ...
- How To Turn On Caps Lock On A Chromebook
- 20 Viral TikTok Products To Add To Your Shopping List
- Dubious Android Apps May Not Be Malware--just Ads
- Fitbit And Apple Know Their Smartwatches Aren't Me...
- The Best Comedies On Netflix You Absolutely Need T...
- Pilot Like A Pro With $40 Off This Beginner-Friend...
- The White House Issues First Crypto Order. This We...
- How To Use Emojis In Google Docs: It Just Got Easier
- The Worst Credit Card Mistakes You Should Stop Making
- Prototype Gadget Can Scan And Identify Fonts On De...
- Honor's Magic V Foldable Is Another 'creaseless,' ...
- What Is Net Metering And How Does It Work?
- Motorola Announces $1,000 Edge Plus To Compete Aga...
- Can Fuel Up And Pay Later Help Curb Soaring Gas Pr...
- TikTok Is The Most Downloaded App Worldwide In 202...
- Google To Start Sending Rapid Air Raid Alerts To A...
- This Is Verizon's First 5G Smartphone
- Fossil Gen 6 Smartwatch Line Touts Faster Charging...
- 'Lightyear' Review: A Toy Story With A Whole Lot O...
- Last Call: Save Up To $1,000 On Galaxy Z Fold 4 An...
- Asus ROG 2 Gaming Phone Could Launch In July
- Wild VR Gadget Makes Virtual Objects Feel Solid At...
- 2023 Kia Telluride Will Debut April 13 In New York
- Phones With In-screen Fingerprint Scanners: Galaxy...
- Five Toy Drones For Beginners
- OnePlus 6T: Six Features We're Dying To See
- Mortgage Refinance Rates For Aug. 24, 2022: Rates ...
- IOS 15.6: All The IPhone Updates You'll Get After ...
- 6 Things That Didn't Make An Appearance At The App...
- Save Hundreds By Setting Your Water Heater To This...
-
▼
January
(100)
Total Pageviews
Search This Blog
Popular Posts
-
Ukuran tinggi spring bed bigland di, ukuran tinggi spring bed bigland golden, ukuran tinggi dalam meter, ukuran tinggi badan, ukuran tinggi ...
-
Carta de colores de pinturas unidas, carta de colores lanco, pintura popular dominicana carta de colores, carta de colores tropical, carta d...
-
Ukuran panjang lebar majalah tempo, ukuran panjang lebar majalah popular, ukuran panjang lebar majalah rasa, ukuran panjang lebar majalah wa...