Socially Engineered Threats Target Trusting Consumers with Malicious Android Apps, Celebrity Sex Videos and Scareware Scams
AMSTERDAM, July 25, 2012 /PRNewswire/ --
- AVG's Q2 Threat Report warns of new sophisticated attacks aimed at unsuspecting PC and Android smartphone users -
AVG Technologies (NYSE: AVG), the provider of Internet and mobile security to approximately 114 million active users, today released its Q2 2012 Community Powered Threat Report. Cybercriminals have been using social engineering techniques to create malware that successfully exploits commonplace user activity such as downloading mobile phone applications and accessing online content through popular sites such as YouTube.
First Android bootkit turns your smartphone into a 'zombie'
The Android operating system for smartphones is now leading with 59 percent market share, according to the latest figures from IDC[1]. Taking advantage of this lucrative opportunity, cybercriminals have created the first Android bootkit which turns phones with the Android operating system into 'zombies', meaning they come fully under the control of the cybercriminal. Cashing in on the application craze, this 'DKFbootkit' malware tricks users by masquerading as a legitimate application available for Android smartphones and poses a serious threat to the many Android smartphone users worldwide.
Once users download the application, the malware encourages them to click 'OK' to run it, which then roots the device. Since the smartphones are either connected to a mobile operator for payment or pre-paid, the malware author can siphon off small amounts of money on an on-going basis using premium SMS, usually without the user noticing as the amounts per individual user are kept small.
Malicious Trojan hides in unofficial 'Angry Birds Space' application
Malware creators have developed a Trojan-infected version of this highly popular application, developed by Angry Birds creator Rovio in conjunction with NASA. Available on unofficial Android stores, it looks and functions exactly like the legitimate application but the difference is that it uses what is known as the 'GingerBreak exploit' to root Android devices. Rooting a device allows the malware to download and install additional malware onto the victim's smartphone, turn it into part of a botnet, modify files and launch URLs so that the phone is no longer under the user's control.
Celebrity sex and scare-mongering scams lure PC users
Tempted to view a video of socialites and celebrities undressed? Think twice before you click on the play button as another major threat that emerged in recent months is a new version of last year's LizaMoon SQL mass-injection attack hidden inside celebrity sex videos and false security alerts. When users click on a link to view the non-existent video or visit the fake security website, this malware downloads a Trojan. The style of the attack depends on the internet browser being used:
- Mozilla Firefox®: users are taken to a fake Flash update page which purports to show a vulgar video of socialite Paris Hilton or actress Emma Watson. In fact, they will never get to see the video as when they click on it, they are prompted to update their Flash software which then downloads the disguised Trojan.
- Microsoft Internet Explorer®: in this attack, cybercriminals play on people's peace of mind by mimicking a legitimate antivirus product which claims to have detected all sorts of malware on their PC and can help remove it. If users follow the link and install the application, then go on to purchase the product, it will download a completely ineffective rogue to their PC. If the victim changes their mind and chooses not to purchase the product, 'nag' screens will keep popping up until the rogue is cleaned from the machine. The latest version is known as a 'drive-by' download as the malware will execute from the web page, without requiring the user to download anything at all.
Tony Anscombe, Senior Security Evangelist at AVG, said: "These threats are a bit like the Emperor's new clothes - they are the same style of attacks as we have seen before but socially engineered by cybercriminals to trap victims who are becoming more security-savvy. The greater sophistication of these threats also means they are difficult for everyday users to spot something is wrong once the malware has been installed, making them very potent. It's vital that consumers think before they click 'OK' to anything online or on their phone."
Top five tips to keep your Android smartphone and computer safe:
- Prior to installing any application, carry out a background check on the developer and application, looking at ratings, reviews, history. Only download from application stores, sites and developers you trust - or set your device to download only from Google Play.
- Think before you click 'OK' to any requests your phone or PC makes for your permission. Check if it seems bona fide or whether it appears odd that the application should be asking for this permission or to execute a download.
- Keep your computer programs, such as Adobe Acrobat and Adobe Reader, up-to-date so you are not tempted to follow prompts to upgrade when trying to access content from the web.
- Install antivirus security software on your computer and your smartphone and keep it updated. This will work as your eyes and ears to keep your personal information safe and ensure your peace of mind at home and on the move.
- Monitor your mobile phone bills very carefully - if you notice any small amounts you cannot account for, investigate further and if you suspect your smartphone has been exploited, run a genuine security product to find and remove any malware.
For more information on these and other threats analyzed by AVG in the AVG Q2 Community Threat Report, please go to: http://mediacenter.avg.com/en/press-tools/avg-threat-reports/avg-community-powered-threat-report-q2-2012.html
About the report
The AVG Community Protection Network is an online neighborhood watch, where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG's research efforts.
Visit the AVG Newsroom at: http://www.avg.com/press-releases-news
Visit the new AVG Media Center at: mediacenter.avg.com
About AVG Technologies (NYSE: AVG)
AVG's mission is to simplify, optimize and secure the Internet experience, providing peace of mind to a connected world. AVG's powerful yet easy-to-use software and online services put users in control of their Internet experience. By choosing AVG's software and services, users become part of a trusted global community that benefits from inherent network effects, mutual protection and support. AVG has grown its user base to 114 million active users as of March 31, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet security, PC performance optimization, online backup, mobile security, identity protection and family safety software.
Keep in touch with AVG
- For breaking news, follow AVG on Twitter at http://www.twitter.com/officialAVGnews
- For small business security trends analysis, follow the AVG small business blog at small-business.blog.avg.com
- Join our Facebook community at http://www.facebook.com/AVGfree
- Join our LinkedIn community http://www.linkedin.com/groups?gid=2719797
[1] http://www.engadget.com/2012/05/24/idc-q1-2012-world-smartphone-share/