Samsung: Check your smart TVs for malware!
infosec

Samsung: Check your smart TVs for malware!

Two years ago, in particular in 2017 in May, Wikileaks revealed that the CIA used software, the ...
Read More
infosec

ACU: University of Australia fell victim to phishing

Another phishing strike was recently reported at a Catholic University of Australia (ACU). The ACU announced that it ...
Read More
infosec

Coincheck: Russian hackers behind the theft of 530 million dollars?

In January of 2018, the Japanese exchange platform, Coincheck, received an attack, resulting in the loss of the New Economy Movement (NEM) ...
Read More
infosec

Echobot malware is a new version of Mirai!

If there is one thing that seems to have no end to security issues are the authors of malware who ...
Read More
infosec

Mermaids: Personal messages spilled between the organization and parents of transgender children

Mermaids UK is an organization founded by parents of transgender children and aims to support these children ....
Read More
Latest Posts

75 Android apps removed malicious adware from their code

Seventy-five Android apps, available for download from the official Google Play Store, had to remove a malicious ad library that secretly contained an adware called AdDown that Trend Micro researchers discovered two years ago.

Android

This adware appeared in January of 2015, and in addition to displaying ads to infected users, it also had the ability to collect personal data from its victims, and at one point it could even secretly install various applications without knowing it user.

Over time, Trend Micro reports that adware was detected in over 800 Android apps uploaded to the Play Store, usually as small utilities, such as wallpaper converters, photo editors, and lens.

After an in-depth analysis of the applications infected by AdDown over the past two years, the researchers were able to identify three basic stages of its evolution, called: Joymobile, Nativedown, and Xavier.

The first stage of adware development was the simplest version of it, but it was also the one with the most annoying features that came equipped with a method for installing third-party applications behind the user's back.

The second step removes this installation method, leaving only one user requiring approval, but it has improved to other features such as comms encryption, internal string obfuscation, and user-friendly filtering to better personalize ads.

The third and final stage of AdDown was first detected in 2016 in September and while it had generally improved features over the second stage, support was also added to detect and avoid the sandbox environment.

This version also removed the ability to install third-party applications, probably because the adware writer realized that adware would be more likely to remain unnoticed by showing ads occasionally and not forcing apps to smother the user in ads.

Experts say that over the past two years, millions of users seem to have downloaded and installed applications infected with one of these three AdDown adware versions. The Trend Micro researcher Mr. Ecular Xu said that AdDown was distributed to various application developers as an SDK ad, which explains why it was found in so many applications. Xu has published a list of previously infected apps but has now been removed by AdDown from their code:

PackageName Downloads Date Remove Xavier
com.ijksoftware.pdfcreator.camscanner 10000-50000 2017/5/13
com.writeonpicture.textphoto 100000-500000 2017/5/13
com.inateam.cooler.master 500000-1000000 2017/5/13
com.equalizer.volumebooster 1000000-5000000 2017/5/13
com.styletext.font.textonphotos 100000-500000 2017/5/14
com.easytool.screenoff 100000-500000 2017/5/13
com.inateam.pdfreader 100000-500000 2017/5/13
com.placideagles.volumebooster 500000-1000000 2017/5/13
com.allinOne.openquickly 1000000-5000000 2017/5/13
com.inateam.ziprar 100000-500000 2017/5/13
com.coramobile.speedbooster.cleaner 1000000-5000000 2017/5/13
com.coramobile.security.antivirus 1000000-5000000 2017/5/12
com.cleaner.memorybooster.ramoptimizer 1000000-5000000 2017/5/13
com.coramobile.powerbattery.batterysaver 100000-500000 2017/5/12
com.pdfviewer.pdfreader.edit 500000-1000000 2017/5/13
com.cutterringtone.mp3cutter 100000-500000 2017/5/14
com.coramobile.phonecooler.cpucoolermaster 1000000-5000000 2017/5/12
com.autolockscreen.taptaplock 50000-100000 2017/5/13
com.easycapture.screenshot 50000-100000 2017/5/14
com.unziptool.rarextractor 50000-100000 2016/11/18
com.convertmp3.videoconverter 50000-100000 2017/5/13
com.lollicontact.caller 50000-100000 2017/5/13
com.fattys.automaticcallrecording 100000-500000 2017/5/13
com.ponosnocelleh.lolipoptheme 50000-100000 2017/5/13
com.ponosnocelleh.threedtheme 100000-500000 2017/5/13
com.mothrrmobile.volume 100000-500000 2017/5/13
com.greenapp.voicerecorder 10000-50000 2017/5/13
com.sunny.text2photo 100000-500000 2017/5/13
com.fingerprint.lockscreen.prank 100000-500000 2017/5/13
com.keeprr.cutpastephoto 100000-500000 2017/5/13
com.billowy.equalizer.bassbooster 100000-500000 2017/5/13
com.fattysgui.beautyfont 100000-500000 2017/5/13
com.aecenraw.emojionphoto 50000-100000 2017/5/13
com.appworksui.myfonts 100000-500000 2017/5/13
com.forecast.weatherlive.weather 10000-50000 2017/5/13
com.finder.photo.imagessearch 10000-50000 2017/5/13
com.galaxygame.fighterwar 100000-500000 2017/5/13
com.djayfree.mp3djmix 100000-500000 2017/5/13
com.qrscan.qrreader.qrcode 10000-50000 2017/5/13
com.yamagame.stormfighter 100000-500000 2017/5/13
com.minfiapps.screenshost_capture 100000-500000 2017/5/13
com.photogrid.frame.photocollage 10000-50000 2017/5/13
com.greenapp.slowmotion 100000-500000 2017/5/13
net.camspecial.clonecamera 500000-1000000 2017/5/13
com.rartool.superextract 100000-500000 2017/5/13
com.fattystudioringtone.mp3cutter 50000-100000 2017/5/13
com.aepictur.textphoto 100000-500000 2017/5/13
com.live3d.wallpaperlite 100000-500000 2017/5/13
com.xatedses.changehaircoloreye 100000-500000 2017/5/13
com.podhengy.haircolor 100000-500000 2017/5/13
com.mobilescreen.capture 100000-500000 2017/5/13
com.keeprr.textonphoto 100000-500000 2017/5/13
com.mobiletool.rootchecker 100000-500000 2017/5/13
com.galaxy.strikeforce 1000000-5000000 2017/5/13
com.podhengy.photoapp 50000-100000 2017/5/13
com.albumpro.videoslide.galleryphoto 50000-100000 2017/5/13
com.gpsonline.phonetracker 500000-1000000 2017/5/13
com.maxmitek.livewallpaperaquariumfishfish 50000-100000 2017/5/13
com.maxmitek.beachwallpaper 50000-100000 2017/5/13
com.xatedsesmobile.picturesketch 100000-500000 2017/5/13
com.efflicnetwork.ringtonecutter 50000-100000 2017/5/13
com.gigmobile.booster 100000-500000 2017/5/13
com.ponosnocelleh.launchers7 100000-500000 2017/5/13
com.magicvideo.editor.reversevideo 50000-100000 2017/5/12
com.azurersweet.djvirtual 500000-1000000 2017/5/12
com.sevideo.slideshow.videoeditor 1000000-5000000 2017/5/12
com.fourapps.musicplayer.videoplayer 100000-500000 2017/5/12
com.slowmotion.videoslow 500000-1000000 2017/5/12
com.fourvideo.videoshow.videoslide 1000000-5000000 2017/5/12
com.azurersweet.app2sdandremover 100000-500000 2017/5/12
com.azurer.vpnproxy.supervpn 500000-1000000 2017/5/12
com.azurersweet.launcher 50000-100000 2017/5/12
com.appgpfaq.prankcrackscreen 500000-1000000 2017/5/12
com.photoshow.videoeditor.slide 100000-500000 2017/5/12
com.azurersweet.beautymakeup 100000-500000 2017/5/12
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *