March 13, 2013
Doctor Web has been receiving complaints regarding false positives by Dr.Web for Android: the anti-virus has been detecting Android.SmsSend.315.origin in the application GooglePlay_install.apk. Doctor Web's virus analysts examined the issue and confirmed that there was no mistake. The program is a fake installer that charges people to access free applications by sending messages to premium-rate numbers. Nonetheless, such complaints are still being received. The investigation revealed that the Trojan spreads via the Airpush ad network.
It is well known that many games and other applications for Android are available free of charge, but developers, wanting to get compensated for their time and work, often embed ad network code in their programs and display various advertisements to users. Airpush usually shows ads in applications, but certain versions of its modules can also display dialogue windows within a program and before it launches. These dialogues can incorporate arbitrary content, and the criminals who decided to spread Android.SmsSend.315.origin in this manner used that to their advantage.
In particular, an Airpush dialogue can prompt an inexperienced user to update Android.
Once the user agrees, a malicious package is downloaded, installed and launched on the device. The malware then displays a progress bar to imitate the installation of the application GooglePlay.
After that, the Trojan displays a genuine Google Play link to the user and withdraws a moderate amount of money from their mobile account.
Doctor Web recommends that users of Android devices pay special attention to messages displayed on the screen, especially those prompting them to update apps or the OS. Before you agree to an installation, make sure that the files to be downloaded are genuine and really required. To do so, go to the official website of the respective application. In addition, you can use Dr.Web products for Android to maintain the security of your device.