Tag Archives: cybercrime

Android “antivirus” scam – still on Yahoo ad-running sites #malware

This year-old scam has resurfaced very prominently, and I’ve run into it on various websites that show Yahoo ads, indicating pretty massive malicious advertisement volume. A browser pop-up says the following:

Virus Affecting your Android? Turn on Virus Scanner NOW!

If you click “OK”, you can be taken to a variety of destinations, including:

  • a spammy but legit-looking dating app on Google Play with 50mil(!) downloads – I’d imagine malicious ads are partly responsible for that number, maybe via an affiliate?
  • a selection of some shady dating/porn sites
  • and best of all, a step-by-step guide for you to enable app install from unknown sources on your phone, and download a modified version of “Android Armour” APK binary with God knows what added functionality:

[screenshot: disable-play-only]

Very impressive, considering these friendly folks are basically talking people into opening up their phones to every other kind of evil garbage that comes up next.

I ran into this a bunch of times over the last few weeks, as recently as this weekend on Tumblr. I know Yahoo is trying to squash these as fast as humanly possible, but until then, beware. And again, in the US, it’s a good idea to never install anything on Android from anywhere other than Play.

How mobile viruses and scams spread around

So apps are secure, because everyone gets them from the store, right? Um, no. That’s more or less the case for Apple’s platform, where you have to go out of your way to find malware, but with Android shipments outnumbering iOS device shipments 6 to 1, the real fun for bad guys and researchers happens in Androidland.

  • Third-party stores – you’d be surprised to find out that besides Play there are 500 app stores out there, of varying degrees of shadiness and security practices
  • “Review” forums and blogs – e.g., even a legit-looking site like Androidpolice.com, who really should know better, instead of getting people into the habit of only using Play, encourages them to directly download APKs from a weird-looking Androidfilehost.com “mirror”
  • Sending download links via SMS spam
  • Email spam – “email from dad” that passed all Gmail filters and let me download a malicious app binary on the phone
  • Twitter – as a bad guy, you get some followers, then start spraying links like “download skype for mobile”, and you’ve got yourself a nice little install base for your scammy app
  • Ads on web and mobile, links on websites that redirect you to an app binary download
  • More bizarre ways like infecting via Bluetooth apparently

Just by watching and scraping some of these you can build yourself a sizable library of some pretty nasty stuff. Even just following the Twitter feeds for some of those scams is pretty fascinating.

An amazing story about real-life Walter White of the interwebs


Ok, so he’s not really Walter White, just a dumbass grad school dropout, but this is still pretty mind-boggling. The Silk Road takedown has been all over the news, but here are a few things that I found particularly insane:

  • He was able to run an eBay for drugs and “services” in the open for two+ years and presumably collect $80mil with no immediate concern from anyone, though it was well-known enough that I’ve read about it a couple of years back
  • The idiot apparently fell for the fed-staged murder-for-hire-over-the-interwebs thing twice, and he seems to have genuinely believed it worked!
  • The first time, he ordered a hit on his crack-selling colleague (why anyone in their right mind would hire a drug dealer to run a website is beyond me) after said colleague had already been busted – how was that supposed to work?
  • Looking at the charges, it will be a very, very long time, if ever, before that dude gets to chill in a San Francisco coffee shop again

This sounds so absurd that I wouldn’t be surprised if he was really more of a Jesse than a Walt; in a prior interview he kind of hinted that he had taken over the site from someone else.

The moral of the story is this. Despite all the tech-utopia talk about Bitcoin and such, it doesn’t seem likely that the government will tolerate any “disruptions” in the areas of anonymous public payment systems or uncontrolled circulation of various goods and activities. It will slowly but surely get to every new such development, reminding everybody that the Internet is not exactly an escape from real life, just an extension of it:

The government’s investigation into the Dread Pirate Roberts and Silk Road officially began back in November 2011, when law enforcement agents began making a series of more than 100 individual undercover purchases of controlled substances from Silk Road vendors. Now, many of those vendors — and their customers — have to be wondering how long it may be before investigators come knocking on their doors.