Adware Infects Firmware of 40 models of Low-End Android Smartphones


An Android Trojan displaying unwanted ads which installs nuisance software on mobile phones has been found in the firmware of smartphones, and also in well-known Android applications.

Researchers of Dr. Web told on Thursday that the Gmobi Adware has infected minimum 40 models of low-end smartphone, and it is in many applications provided by popular companies.

Gmobi is packed as a personalized program in SDKs (Software Development Kits) for Google's Android platform. While developers use SDKs to expand the functionality of Android apps, the Trojan module can update the operating system remotely, display notifications, collect information and can make payments through mobile.

Softpedia.com posted on 18th March, 2016, stating that Dr. Web did not provide the name of the SDK, but said that it helped developers to make the display of notifications on an Android smartphone automatic.

Trojan operates in a simple way. Once the smartphone is connected to the Internet or wakes up after sleeping for more than a minute, it starts collecting information on the device and sends it to a C&C server.

Once these details reach the server, it replies with commands to update the local database of ads, display an ad through a notification box, add shortcuts for different advertisements on the home screen, show a notification which starts an app on being tapped or install another app secretly.

Ads can be shown in status bar by Gmobi through interactive dialogs, dialogs, on top of the screen, on top of other applications, or launch a Google Play or a local browser in specified page.

Whenever users click on displayed ads, software is downloaded causing generations of profit by cybercriminals, and collected information sent to them becomes bonus. It is the latter point which is the matter of concern because you often expect to deal with nuisance ads in lieu of software with ad-supported free mobile applications.

The companies are informed immediately by the security team about the infection, and at the moment, at least, Trend Micro Dr. Safety and Trend Micro Dr. Booster are secure and free from the danger. Asus is considering how to tackle the problem in the best way.

ยป SPAMfighter News - 3/28/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next