Android Malware Spreading Via Facebook

While your are scrolling through Facebook pages on Android,it may occur to you that you are using a facebook app running on a Google's Mobile OS and the two hawks of Silicon Valley are working hard all the time to make your experience as secure as it could be. But hold on ! aren't you missing something ? Yup there is also a community of Malware writers whose sole purpose in life is to find new ways of sneaking into your systems and devices.
It seems that almost every day there is a new facebook scam geared toward persuading users to click on a link. Attackers are increasingly using social media to distribute malware by tricking users into visiting malicious sites.And this time target is the Facebook app on Android which according to Security firm, Sophos is found spreading malware in an entirely new way.


Bouncer : Google's scanner for Android Market


Meet Bouncer.Google's new and clever tool to scan every app that enters the android Market . When a developer submits a new app, Bouncer steps in and analyzes it for potential threats. It scans for malware, spyware, and trojans — as well as apps that “misbehave” in other ways. This is done through an Android emulator on Google’s cloud infrastructure. Though new apps are obviously the focus, Bouncer actually scans all apps — new and old.

How this recent Malware works ?

Well you may get a friend request and like everyone you would go to person's info page to get know of him/her and decide whether you should friend him or not .You may also want to visit any link on that page to know 'more' about that person.And here the Game starts ! , you visit the shortened link disguising as an Android app and after redirecting you a couple of times , the app starts downloading automatically .

A screenshot showing how any_name.apk's look like

The malware package is named something like any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services.Although Android by default never allows apps to be downloaded without informing the user, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market.

Its not clear how bouncer will react to it ,but surely if you are reading this you should be alert not to become a victim of clickjacking.




About The Author


Aneeq Fasi is our newest team member. He is currently doing his bachelors from Fast University. If you would like to become a part of our team, Kindly email to rafayhackingarticles@gmail.com.