Share this Article

Malware for Android poses as Firefox

Facebook
Twitter
LinkedIn

Malware for Androids

Malware for Androids

These days mobile devices are as common as computers, if not more so. Some people have even forsaken the computer entirely in favour of them. While they might be mobile they are still very much computers, and as such they are just as much at risk for attracting malware and other damaging programs. If you have an Android device there’s a new piece of malware you should be aware of.

In late June 2012, the mobile version of Firefox was released on the Google Play store. Some enterprising hackers have taken advantage of this and posted apps on a Russian website that are actually malware.

These apps are a form of the Boxer malware app. Boxer is an app that can be downloaded and installed on Android devices. When downloaded and opened, it will bring up a Rules page – the page that tells you what permissions the app needs to run – and asks you to accept it. This page contains one extra rule in small print: it gives the app permission to send and accept SMSs from paid services.

When the user hits Accept, an SMS will be sent to a number ending in 2855, 3855, 7151, or 8151 and the user is taken to a webpage to download the actual app, with a message saying the app has been activated.

What sets the Firefox version apart from other versions is that it doesn’t ask the user for permission to install or show the rules page. It installs and sends the SMS to the above numbers without the user knowing. The other difference is that this version sends the user to Google’s search page not the download page for the real app.

The interesting thing about Boxer malware is that it has appeared a number of times posing as different popular apps, suggesting there could be a trend developing. We highly recommend that you only download apps from approved sites like Google Play, and always look at the publisher of the app before downloading. If you have any questions regarding the security of your Android device, please contact us.

Published with permission from TechAdvisory.org.