Of slithering serpents and extra security for Android phones

With all of the security improvements, criminals find and exploit various ways of circumventing them to deliver their malicious creations to end-users’ phones, which puts at risk both the device owners and the businesses they are involved with.

A malicious Android app spoofing the popular BatteryBot Pro app has been pulled from Google Play, Threatpost reported earlier this month. It appeared as though the app was in Google Play, but it turned out it had never made it through Google’s security. Malicious apps can be installed from elsewhere, and that’s just another reason both end-users’ and corporate Android-based smartphones require an extra layer of security.

BatteryBot and Click Fraud

The malware in question was a package trying to get full control of an Android-based device. The criminals behind the scam apparently were trying to harvest enough devices to gain from such popular “profit generators” as click fraud, ad fraud, and premium SMS fraud, as well as download and install other malicious Android packages called APKs.

Upon installation, it demanded administrative access, which is a major red flag on its own. Once granted, it performed the same functions as the original BatteryBot Pro, a battery indicator app for Android devices, but ran nefarious activities in the background.

It was observed loading various ad libraries for click fraud. It collected specific data from the device, including available memory, the IMEI number, location, model, language, and SIM card availability. Based on that data, the device later started receiving instructions on which ads to display and where to fetch them. Eventually, the user is bombarded with streams of ads they never asked for.

And not just that: when a user taps the View Battery Use feature in the app, the malware requests short codes from the attacker’s server; these are premium-rate SMS numbers, and the device then sends messages to them. Bye-bye, cash.

And since the creep-app had acquired admin-level access, users could not simply uninstall it. The bad guys behind the app ensured its persistence in style. For technical details, please refer to the Threatpost publication and check the original research as well.
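The two red flags the article names, an app that obtains device-administrator rights and an app that can send SMS to premium-rate numbers, are exactly the combination a triage script can look for on a managed or BYOD handset. The following Python script is an added example, not code from the article, Threatpost or Kaspersky: it parses `adb shell dumpsys device_policy` and `adb shell dumpsys package` output and flags packages that are enabled device admins and also hold SMS or phone-state permissions. The sample dumps are constructed and only approximate the real dumpsys formats, and every package name in them is hypothetical.

```python
"""Triage helper for the two red flags above: a package that holds an active
device-administrator receiver AND permissions that enable premium-SMS abuse.
Added example, not Kaspersky's or Threatpost's code.  The parsers target a
simplified approximation of `adb shell dumpsys device_policy` and
`adb shell dumpsys package` output; the samples below are constructed and
the package names are hypothetical."""
from __future__ import annotations

import re
import subprocess

# Permissions that, combined with device-admin rights, match the behaviour
# described in the article (premium SMS, IMEI / SIM collection).
RISKY_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_PHONE_STATE",
}

# "    com.example.foo/.AdminReceiver:" inside the enabled-admins block
ADMIN_LINE = re.compile(r"^\s*(?P<pkg>[A-Za-z][\w.]*)/[\w.$]+:\s*$")
# "  Package [com.example.foo] (3f2a1b):" opens one package's section
PACKAGE_LINE = re.compile(r"^\s*Package \[(?P<pkg>[^\]]+)\]")
# "      android.permission.SEND_SMS" or "...SEND_SMS: granted=true"
PERMISSION_LINE = re.compile(r"^\s*(?P<perm>android\.permission\.[A-Z_]+)\b")


def parse_device_admins(dump: str) -> set[str]:
    """Return package names that have an enabled device-admin receiver."""
    return {m.group("pkg") for line in dump.splitlines()
            if (m := ADMIN_LINE.match(line))}


def parse_permissions(dump: str) -> dict[str, set[str]]:
    """Map each package to the android.permission.* names listed under it.
    Requested and granted entries are merged: a manifest-declared permission
    is the signal that matters for triage."""
    perms: dict[str, set[str]] = {}
    current = None
    for line in dump.splitlines():
        if (m := PACKAGE_LINE.match(line)):
            current = m.group("pkg")
            perms.setdefault(current, set())
        elif current and (m := PERMISSION_LINE.match(line)):
            perms[current].add(m.group("perm"))
    return perms


def flag_suspects(admins: set[str], perms: dict[str, set[str]]) -> dict[str, list[str]]:
    """Packages that are device admins AND hold a risky permission, mapped to
    the reasons they were flagged ("device-admin" first, then permissions)."""
    flagged: dict[str, list[str]] = {}
    for pkg in sorted(admins):
        risky = perms.get(pkg, set()) & RISKY_PERMISSIONS
        if risky:
            flagged[pkg] = ["device-admin"] + sorted(risky)
    return flagged


def collect_from_device() -> tuple[str, str]:
    """Pull both dumps from a USB-attached device (assumes adb is on PATH)."""
    def shell(*args: str) -> str:
        return subprocess.run(["adb", "shell", *args], check=True,
                              capture_output=True, text=True).stdout
    return shell("dumpsys", "device_policy"), shell("dumpsys", "package")


# Constructed samples approximating the dumpsys formats (hypothetical packages).
DEVICE_POLICY_SAMPLE = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.mdmagent/.AdminReceiver:
      uid=10150
    com.example.batterywidget/.AdminReceiver:
      uid=10231
"""

PACKAGE_SAMPLE = """\
Packages:
  Package [com.example.batterywidget] (3f2a1b):
    userId=10231
    requested permissions:
      android.permission.SEND_SMS
      android.permission.READ_PHONE_STATE
      android.permission.INTERNET
    install permissions:
      android.permission.SEND_SMS: granted=true
      android.permission.READ_PHONE_STATE: granted=true
  Package [com.example.mdmagent] (9c77de):
    userId=10150
    requested permissions:
      android.permission.INTERNET
  Package [com.example.messenger] (11aa22):
    userId=10080
    requested permissions:
      android.permission.SEND_SMS
      android.permission.INTERNET
"""


if __name__ == "__main__":
    # Swap the samples for collect_from_device() to run against a real handset.
    admins = parse_device_admins(DEVICE_POLICY_SAMPLE)
    for pkg, reasons in flag_suspects(admins, parse_permissions(PACKAGE_SAMPLE)).items():
        print(f"{pkg}: {', '.join(reasons)}")
```

On the constructed sample only the battery widget is reported: the MDM agent is a device admin without SMS rights, and the messenger can send SMS but is not an admin. That is the point of pairing the two signals: each alone is common on a legitimate device, and it is the combination that matches the pattern described above.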

It didn’t make it through

As said before, the malicious app did not make it past Google’s security systems. The miscreants uploaded the app to the Google Play Developer Console, which enables developers to easily publish and distribute their applications directly to users of Android-based handsets. During scanning, however, the fake app got flagged and blasted. Kudos to Google Play’s security tools.

That doesn’t mean the threat is annihilated. Apart from Google Play, there are multitudes of other app stores, less official and less closely supervised. It may not take long before a more advanced version of this app shows up somewhere else.

However, Google keeps doing a good job of improving security in a way that will clip the wings of many malicious app writers. For instance, it is going to change its policy so that excessive permissions are not requested and granted. The authors of the fake BatteryBot Pro will then have to find some other way to do their “business” or try an honest job.

Android is the most malware-targeted system today with over 98% of malicious apps being written for this mobile OS, despite titanic and quite successful efforts from Google to fix past mistakes and improve their system’s security.

It is most effective to have a local layer of security in place; that would ensure protection from ubiquitous malware and, even more importantly, the safety of data stored on the device. Data encryption, protected e-mail, anti-fraud tools, anti-theft functionality – there is nothing excessive about any of them. There is no insurance against making mistakes, but there are ways to minimize their possible consequences. Kaspersky Lab offers solutions both for personal use and for centralized corporate protection of BYOD devices, ensuring the security of devices and the data contained therein. Check out our offerings at www.kaspersky.com/business-security.

Tips