Malware for Android Spread in Email Spam Campaign
FireEye, a security company based in the USA, has discovered a new spam email campaign. Although at first glance it might look like any other, in reality it is completely different. For instance, it doesn’t use the drive-by download method to spread the malware. Moreover, the cyber criminals are not distributing ordinary PC malware; this time they are spreading a malicious program developed for Android. The app is called FakeDefender.
This campaign started about a month ago. The victims started receiving fake emails that are supposedly written by the United States Postal Service. The emails contain a message: “USPS Notification: Courier couldn’t make the delivery of your parcel. Reason: Postal code contains an error,” asking users to “Print the Label.”
Vinay Pidathala, a security expert at FireEye, has released a report concerning the Android infection. He stated that a malicious file (an Android Package File) is downloaded when users click on the “Print The Label” link provided in the email. The cyber criminals behind this project employed more than twenty URLs, which they use to distribute the malware.
According to FireEye experts, this malicious program was first discovered at the beginning of this year. It frightens smartphone users into believing that their devices are infected with malware and that an application has to be bought in order to clean them up. This is just a scam created to extract money from victims, because the reports claiming that the device is infected are fake. Nevertheless, a lot of users fall for this trick and pay to purchase the “needed” software.
Moreover, the malicious program is capable of intercepting incoming and outgoing calls and SMS as soon as it registers two broadcast receivers. The creators of the malware employ different User-Agents in order to disguise the app. For example, some users might encounter the previously mentioned .apk file, while others might get a .zip file, but both will contain the same malicious program. This malicious program greatly resembles the ones that infect PCs. Windows users encounter scareware like this quite often, but it is a new threat for Android-based devices.
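A triage check for the interception behaviour described above, as an added example that is not taken from the FireEye report or this article: it lists the broadcast receivers in a decoded AndroidManifest.xml (for example, one unpacked with apktool) that subscribe to SMS or call broadcasts. The manifest, package name and receiver names are constructed, and the check assumes the receivers are declared in the manifest; receivers registered at runtime would not appear in it.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Standard Android broadcast actions tied to SMS and call events.
WATCHED = {
    "android.provider.Telephony.SMS_RECEIVED": "incoming SMS",
    "android.intent.action.NEW_OUTGOING_CALL": "outgoing call",
    "android.intent.action.PHONE_STATE": "incoming call / call state",
}

# Constructed sample manifest; every name in it is hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeav">
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallHook">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootHook">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def telephony_receivers(manifest_xml):
    """Return [(receiver, filter priority, [events])] for receivers whose
    intent filters subscribe to SMS or call broadcasts."""
    findings = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            names = [a.get(A + "name") for a in flt.iter("action")]
            hits = sorted(WATCHED[n] for n in names if n in WATCHED)
            if hits:  # a high priority means the app sees the broadcast early
                prio = int(flt.get(A + "priority", "0"))
                findings.append((rcv.get(A + "name"), prio, hits))
    return findings

if __name__ == "__main__":
    for name, prio, events in telephony_receivers(SAMPLE_MANIFEST):
        print(f"{name}: priority={prio}, listens for {', '.join(events)}")
```

A hit is a prompt for review rather than a verdict, since legitimate messaging and dialer apps declare the same receivers.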
Users can take a simple step to protect their devices from such programs: they have to disable the “Allow installation of apps from unknown sources” feature. Moreover, Android users might activate a feature that warns them each time an application is about to be installed.