Security company FireEye recently announced that it has discovered an email spam campaign that started last September 6 and is still going on right now. The campaign uses the same techniques as that used to spread Windows malware but this time around it is being done on the Android system.
The discovered email spam campaign tricks people with themes such as failed USPS package deliveries or electronic wedding invitations. These emails contain links and once a person clicks on the link it opens up a website that contains an Android package known as “LabelReader.apk”. This package installs the popular Android malware “Android FakeDefender” on the device.
FakeDefender tricks people into believing that it is a legitimate security application. According to Vinay Pidathala, a senior security researcher at FireEye, “the malware deceives users into paying for cleanup of other non-existent infections on their device. In addition to displaying fake messages of infection, the APK also has the functionality to intercept incoming and outgoing phone calls as well as messages.”
Using email to spread malware isn’t a new technique however it is not commonly used in the Android platform. Most of the malware that is being spread for the Android system is being done through third-party app stores or even at Google Play.
Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, said that “Spammed malware for Android is becoming more and more popular with cyber-criminals, because they can target more devices at once. This is already the third wave of spam leading to Android malware this year and we presume that cyber-criminals are still just running tests to see how well their threats perform before taking the business to the next level.”
For Android users to be protected against these malicious apps make sure that the “Allow installation of apps from Unknown Sources” is disabled. Also make sure that apps installed on the device come from trusted sources such as Google Play.