SonicWall Security Center


Black Friday brings malicious apps to the Android ecosystem (Nov 14, 2017)



Description


The month of November brings a lot of shopping deals thanks to Black Friday. Deals and discounts are in abundance online as well as in stores. These days there is an app for everything, and shopping is no exception: all major online retailers have their own apps. There are also dedicated apps that showcase the best deals from around the marketplace.

November sees a spike in installations of such shopping apps, which naturally gives malware writers a good opportunity to spread their malicious apps. We will try to document our findings for the year of 2017 with regards to Black Friday:

DroidJack

One of the first apps we observed being distributed was DroidJack with the name amazon. We have covered DroidJack in the past, where it masqueraded as different apps, here and here.
Below is a comparison of the amazon-named DroidJack app with an older DroidJack sample which used the Facebook app's icon and name:



Clearly the internal structure remains the same; the malware writers are simply using Black Friday as a means to spread their apps. A point to note, though: the current app only uses the name of amazon and nothing else. No effort was made to copy the icon.

It is interesting to note that the author of this app has been creating malicious apps with DroidJack components in them, and just around the shopping season the author created a DroidJack-infested app with the name amazon.

We will continue to update this blog with new findings as the Thanksgiving season reaches its peak.

SonicWall Capture Labs provides protection against this threat via the following signature:
  • GAV: AndroidOS.DroidJack.MA_2 (Trojan)
Sample analyzed:
  • App name: amazon
  • Package name: net.droidjack.server
  • MD5: bc66d909ea906dc5933e7dacd6a461d1
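
The sample reuses a retailer's name while keeping an unrelated package name, which can be checked during APK triage. The following is an added example, not SonicWall's code: it parses `aapt dump badging` output and flags that mismatch alongside the indicators listed above. The `BRAND_NAMESPACES` allow-list, the function names and the two badging samples are assumptions constructed for illustration.

```python
import re

# Assumption: package namespaces the defender treats as legitimate for each brand.
BRAND_NAMESPACES = {"amazon": ("com.amazon.",)}
# Indicators taken from the "Sample analyzed" list in this advisory.
KNOWN_BAD_PACKAGES = {"net.droidjack.server"}
KNOWN_BAD_MD5 = {"bc66d909ea906dc5933e7dacd6a461d1"}

PKG_RE = re.compile(r"^package: name='([^']+)'", re.M)
# Matches the default label and localized variants such as application-label-en-GB.
LABEL_RE = re.compile(r"^application-label(?:-[\w-]+)?:'([^']*)'", re.M)

def parse_badging(text):
    """Extract the package name and all display labels from badging output."""
    pkg = PKG_RE.search(text)
    labels = {label.strip().lower() for label in LABEL_RE.findall(text)}
    return (pkg.group(1) if pkg else None), labels

def triage(badging_text, md5_hex=None):
    """Return the reasons an APK deserves review (empty list means no finding)."""
    package, labels = parse_badging(badging_text)
    if package is None:
        return ["unparseable badging output"]
    reasons = []
    if md5_hex and md5_hex.lower() in KNOWN_BAD_MD5:
        reasons.append("md5 matches analyzed sample")
    if package in KNOWN_BAD_PACKAGES:
        reasons.append("package name matches analyzed sample")
    for brand, namespaces in BRAND_NAMESPACES.items():
        # Substring match is a heuristic: it also flags third-party apps that
        # mention the brand, which is acceptable for a review queue.
        claims_brand = any(brand in label for label in labels)
        if claims_brand and not package.startswith(namespaces):
            reasons.append(f"label claims '{brand}' but package is {package}")
    return reasons

# Constructed badging output (not captured from a device).
SUSPECT = ("package: name='net.droidjack.server' versionCode='1' versionName='1.0'\n"
           "application-label:'amazon'\n")
GENUINE = ("package: name='com.amazon.mShop.android.shopping' versionCode='1' versionName='1.0'\n"
           "application-label:'Amazon Shopping'\n")

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT), ("genuine", GENUINE)):
        print(name, triage(text))
```

The label check is the only one that survives a rebuild of the sample with a new hash and package name, so it is best treated as a review trigger rather than a verdict.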


