In its 3Q 2012 Security Roundup report, security firm Trend Micro has revealed that a total of 175,000 malicious Android apps have been spotted. The study has also highlighted the fact that aggressive mobile adware has become more problematic in the past period.
While testing Android apps from Google Play, Trend Micro Senior Threat Researcher Alice Decker uncovered
a free Flash player app, which contained such an adware module.
The module in question poses a risk for several reasons. First of all, it collects information from the device on which it’s installed, including IP addresses, unique 64-bit identifiers, OS version, victim’s location based on GPS, mobile network and country code, phone number, IMEI, and manufacturer details.
It’s also designed to harvest details of registered accounts, calendar information and even browser bookmarks.
Furthermore, the aggressive module also displays advertisements outside the app, a practice strictly prohibited by Google.
The worst part is that this particular FLV Video Player has already been downloaded from Google Play more than 1 million times. This means that the individuals who control the Android app could have easily collected the details of around 1 million users.
Interestingly, the FLV Video Player also has a paid version that doesn’t contain advertisements and, implicitly, it doesn’t contain the malicious adware module. However, this particular variant has been downloaded only around 1,000 times.
Unfortunately, this is not the only bad news. The adware module has been found in 7,000 other Android apps, 80% of which are still available. Moreover, over 10% of them have already been downloaded 1 million times.
The servers utilized by the advertising module have a very low reputation score. Also, it’s believed that the company that operates them doesn’t use them only for advertising, but also for phishing and other types of scams.