You’ve been around the block. You know the score. You’re nobody’s fool.
Anyway, when it comes to malware and navigating the Internet, you maintain a healthy suspicion of everything, including what your friends send. You have a good nose for sniffing out the difference between a spoofed website and a genuine one. You know better than to click on the wrong link. And then, one day…
Padmini Harchandrai in Tech2.in.com relates the tale of security expert Vanja Svajcer, who received a Facebook friend request. Being careful, Svajcer used his Android device to check the requester out before accepting the request. A link on the requester’s Facebook profile redirected Svajcer’s browser to a webpage that automatically downloaded malware to his Android phone. The malware package was called any_name.apk, and it looked like it was designed to earn money for scammers through premium rate phone services.
Svajcer said the malware was using a class name, com.opera.install, which made it look like it was associated with a legitimate Opera browser app. “An encrypted configuration file inside the package include[d] the dialing codes for all supported countries (for instance, the UK …) and the premium rate number and text of the SMS message which it intend[ed] to send.” The application gave the appearance of letting Svajcer know what it planned to do when he ran it, but in reality, it installed itself without his permission.
Knowing there was malware, but wanting to know how it worked, Svajcer visited the same link a few days later on his Android smartphone. This time he was taken to another website, which downloaded a different application, allnew.apk. The new application performed the same function as the original malware, but was coded differently as Andr/Opfake-C.
Harchandrai writes, “This kind of malware is similar to clickjacking, which takes place very often on Facebook. Users are usually shown a link that is malicious and provocative in nature and when they click on it, they are made to go through surveys, which ask them for very personal information before they are told they can see the video.
“Sometimes, the end result is a sale of very expensive premium telephone plans. However, even after they’ve filled out the surveys, the promise of viewing the video is never met. It’s…called clickjacking, because when users click ‘Like’ on the first bait page, their friends see that activity and are in a position to fall victim to the same trap.”
Wow, don’t even get to see the video. Talk about adding insult to injury.