安裝開水Android版後立即收到Antivirus & Mobile Security-TrustGo Inc.警告要我立刻移除
因此軟體內含間諜軟體
adware!airpush.a@android
(請大家也移除開水Android版吧!)
上網搜尋得到以下的結果
http://www.virusradar.com/Android_Adware.AirPush.A/description
Android/Adware.AirPush [Threat Name] go to ThreatAndroid/Adware.AirPush.A [Threat Variant Name]
| Category |
adware |
| Size |
236853 B |
| Detection created |
Jan 25, 2012 |
| Signature database version |
6839 |
| Signature Android db version |
3.225 |
| Aliases |
Android/AirPush (AVG) |
Short description
Android/Adware.AirPush.A is an adware - an application designed for delivery of unsolicited advertisements.
Installation
The adware must be downloaded and manually installed.
The adware is usually bundled within installation packages of various legitimate software.
Information stealing
Android/Adware.AirPush.A is a adware that steals sensitive information.
The following information is collected:
- IMEI number
- name, type and device version
- user location
The adware attempts to send gathered information to a remote machine.
The adware contains a list of (4) URLs. The HTTP protocol is used.
Other information
The adware program is designed to deliver various advertisements to the user's systems.
It can prepare SMS message to send (user is prompted to send the message).
It can prepare a request for a phone call (must be executed by the user).
======================
Android / Adware.AirPush [的威脅名稱] 去威脅Android / Adware.AirPush.A的威脅變量名稱]
| 類別 |
廣告 |
| 大小 |
236853乙 |
| 創建檢測 |
2012年1月25日 |
| 簽名數據庫版本 |
6839 |
| 簽名的Android DB版 |
3.225 |
| 別名 |
機器人/通知欄廣告(AVG) |
簡短描述
Android / Adware.AirPush.A的是一個廣告 - 不請自來的廣告交付設計的應用程序。
安裝
廣告必須下載並手動安裝。
廣告軟件通常是各種正版軟件的安裝包內捆綁。
偷信息
Android / Adware.AirPush.A的是一個廣告軟件,竊取敏感信息。
收集以下信息:
廣告試圖收集到的信息發送到遠程計算機。
該廣告包含一個列表(4)的網址。使用HTTP協議。
其他信息
廣告程序到用戶的系統,旨在提供各種廣告。
它可以編寫短信發送(系統會提示用戶發送消息)。
它可以準備一個電話(必須由用戶執行)的要求。
=====================================
=====================================
趨勢科技
http://about-threats.trendmicro.com/uk/malware/ANDROIDOS_FAKEAPP.SM
Threat Encyclopedia
ANDROIDOS_FAKEAPP.SM
|
Android/Adware.AirPush.A (NOD32)
Trojan
Information Stealer, Click Fraud
No
Android OS
No
Yes
|
Low
Medium
Low
Low
|
Overview
Via app stores
This Android malware arrives as a fan-made application that tricks users into thinking that it is the same as the original. It displays advertisements upon installation.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This malware arrives as a Trojanized Android application. Upon execution, it creates shortcuts pointing to ads sites on the device's home page. It does this by downloading details about its intended ads on certain sites.
This Trojan may be manually installed by a user.
Technical Details
Varies
APK
Displays ads
Arrival Details
This Trojan may be manually installed by a user.
NOTES:
This malware arrives as a Trojanized Android application.
Upon execution, it creates shortcuts pointing to ads sites on the device's home page. It does this by downloading details about its intended ads on the following sites:
- www.{BLOCKED}dsettings.com
- ad.{BLOCKED}boltapps.net
Below is an example of the created shortcuts:
Aside from home page shortcuts, it also displays advertisements via notifications:
It then reports infection by uploading information to the following C&C server:
- http://api.{BLOCKED}push.com/v2/api.php
Sent information includes the following:
- IMEI
- Carrier
- Network operator
- Phone model
- API Key
- App Id
- Token
- Infection timestamp
- Package name and version
- Wifi information
- User agent
- Android ID
After executing its payload, it then displays the following fake notification to the user:
Solution
9.200
1.193.00
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Step 2
Remove unwanted apps on your Android mobile device
[ Learn more ]
======================================
安全威脅百科全書
ANDROIDOS_FAKEAPP.SM
|
Android / Adware.AirPush.A的(NOD32)
木馬
信息竊取,點擊欺詐
沒有
Android操作系統的
是
|
低
中
低
低
|
概觀
通過應用程序商店
這款Android惡意軟件到達作為風機製造的應用程序,誘騙用戶認為它是像原來一樣。它在安裝時顯示廣告。
為了得到一個全面的看法,這個木馬的行為一目了然,指威脅圖如下所示。
這種惡意軟件到達一個木馬的Android應用程序。在執行時,它創建快捷方式指向裝置的主網頁的廣告網站上。它通過其擬定的廣告在某些網站上下載的詳細信息。
它可能是由用戶手動安裝。
技術細節
改變 APK 顯示廣告
到達詳細
它可能是由用戶手動安裝。
注意事項:
這種惡意軟件到達一個木馬的Android應用程序。
在執行時,它創建快捷方式指向裝置的主網頁的廣告網站上。它通過以下網站下載詳細了解其擬定的廣告:
- 萬維網。{BLOCKED} dsettings.com
- 廣告。{BLOCKED} boltapps.net
下面是所創建的快捷方式的一個例子:
除了從家裡頁面的快捷方式,它也顯示廣告通過通知:
然後報告感染上傳信息到下面的C&C服務器:
- {BLOCKED} http://api push.com/v2/api.php
發送的信息包括以下內容:
- IMEI
- 支架
- 網絡運營商
- 手機型號
- API密鑰
- 應用程序ID
- 象徵
- 感染時間戳
- 軟件包名稱和版本
- 無線網絡信息
- 用戶代理
- Android的ID
在執行它的有效載荷,然後顯示下列偽造通知用戶:
解
9.200 1.193.00
第1步
趨勢科技移動安全解決方案
趨勢科技移動安全個人版可以保護來自惡意軟件和木馬的應用程序的Android智能手機和平板電腦。應用掃描器是免費的,檢測到惡意軟件和木馬的應用程序,因為它們是下載,而SmartSurfing使用您設備的Android瀏覽器阻止惡意網站。
下載並安裝趨勢科技移動安全應用程序通過谷歌播放。
第2步
刪除不必要的應用程序,您的Android移動設備
[了解更多]
This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: 'You Say What You Like, Because They Like What You Say' - http://www.medialens.org/index.php/alerts/alert-archive/alerts-2013/731-you-say-what-you-like-because-they-like-what-you-say.html
留言列表
留言列表
