New mass attack to Android users through malware on Facebook

android-whatsappPanda security recently discovered a new mass attack on Android users. This time it’s a much elaborated Facebook-originated campaign in which cybercriminals post ads promoting different applications. Panda Security already contacted Facebook to warn them about this malware campaign in the popular social network.

Users navigate Facebook on their Android devices and find different posts on the Wall called “Suggested Advertising,” announcing Whatsapp utilities such as “Would you like to know how to see your friends’ Whatsapp conversations? Find out here!” or “Do you want to hide your Whatsapp connection? Download the app so people can’t see you.” Victims who click on these ads are redirected to a fake version of Google Play, the Android app store. Then, thinking they’re in the original site, they’ll download the free app, which is actually a Trojan that will subscribe them to a Premium SMS service without notice.

The Trojan monitors all text messages received and if the sender is the Premium SMS service number, it intercepts it and eliminates it so there’s no trace of it. However, this technique does not work on the latest Android 4.4 version (KitKat), so the Trojan authors came up with a tactic to overcome this obstacle: as the victim receives a message, the phone goes to silent mode for a couple of seconds and then the message gets marked as read on the inbox. The application includes an SMS counter so, when the first message from the SMS Premium service is received, it can read it to obtain the necessary PIN, registering it in the corresponding confirmation website to activate the paid messaging service.

Cybercriminals don’t only use Whatsapp, but use the same technique with any theme that could work, such as: “shocking videos”, “Candy Crush tricks”, “Angry Birds tricks”, etc.

Source: Alta Densidad



Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de

Estás comentando usando tu cuenta de Cerrar sesión /  Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión /  Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión /  Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión /  Cambiar )


Conectando a %s