Fake Google+ App Delivers Fraudulent SMS and Ad Spam

The NQ Mobile Security Center has detected new Android malware masquerading as a Google+ app. The fake app is an SMS worm, and when activated, sends text messages to all of your contacts encouraging them to download the fraudulent app, as well. In addition, the app loads AdMob ads on your phone, resulting in malicious popups that can lead to further app downloads if you aren’t careful.

FraudPlus, otherwise known as a.fraudware.selfmite.a, infected 90 users in 28 countries before it was caught and neutralized. NQ Mobile Security users are protected from any further outbreaks of this virus.

FraudPlus downloads were limited to 3rd party app stores, so folks who exclusively download their apps from Google Play were protected in this case, unless the malware was sent to them by SMS.

Countries affected by FraudPlus

Countries affected by FraudPlus

Package Name: com.google.gsn.plus

SMS Samples (links now redirect to 404 pages):

  1. Hey, try it, its very fine. http://x.co/5XBNm
  2. b. Hi buddy, try this, its amazing u know. http://x.co/5XXHl

Malware Screenshots:

FraudPlus Screenshot     FraudPlus screenshot

Permissions Requested:


Protect Yourself from FraudPlus:
NQ Mobile Security users are already fully protected from FraudPlus and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent damage from future threats:

1. Only download applications from trusted and reputable app stores and markets—think Google Play.

2. Always check reviews, ratings and developer information before downloading apps.

3. Never accept app download requests from unknown sources.

4. Closely monitor requested app permissions to be sure the app is accessing no more than what it needs to. That flashlight app requesting your location? Yeah, your gut is correct, that makes no sense so take a pass.

5. Be alert for any unusual behavior exhibited by your mobile phone—it can be a sign of malware. If you find yourself in a situation like this it’s time to run a quick anti-virus check.

NQ Mobile Security for Android is available for download at nq.com and on Google Play.

Apps Collect Our Data. How Do They Use It?

Most mobile users know that apps frequently collect private information. While it’s true some people aren’t aware of it, most who are aware tend to be indifferent to the idea. But, don’t we deserve a little more info about what app makers actually do with the data they extract from our mobile devices?

An article by NBC’s Bob Sullivan  describes a flashlight app that tracks a smartphone user’s location. It was surprising to many folks to find out that such a handy, seemingly harmless app would be tracking their physical whereabouts, and you have to wonder why an app as simple as a flashlight would need to know that. What’s more distressing is many apps collect device IDs, photos, contacts and even our gender.

Jason Hong at Carnegie Mellon University’s Human-Computer Interaction Institute revealed that users don’t care as much about what apps do with our data, as we do about being kept in the dark and being surprised about it.  When seemingly innocuous apps want user data like our geographical location, like the “flashlight” example, it’s a natural response to be suspicious.

Here are a few reasons why personal data is collected:

  1. Your data can help app makers to make important decisions related to future feature enhancements.  These features may help the app to work for you in a more personalized way.
  2. Some apps gather your personal data so that they can target specific ads to you. If your data shows you meet certain criteria, advertisers will tailor their marketing efforts accordingly.
  3. In the case of a malicious app, your personal data could be sold or used for illegal purposes. For example, this type of app might send text messages without your consent to premium numbers. In such instances some users have reported being charged as much as $10 per message. Getting access to your contact list can be a goldmine for malware authors and spammers.

Data gathering doesn’t always have a sinister purpose, but unfortunately we usually aren’t informed why it’s needed. It’s reasonable to wonder how our private information will be used.

Although not required to say why, mobile apps most often warn us when they’re going to collect our information, and they often even specify what data they’ll take. The downside is that we aren’t given a choice – we can either agree to the exchange of data, or pass on downloading the app. That’s not satisfactory to most of us, and perhaps it will change eventually. But, for now, developers aren’t required to give us a choice and the research shows most of us are still willing to take the risk.

As users, what’s the best practice? Make it a habit to read the permission screens on all apps you download.  Make a conscious decision about whether you want to give away the information wanted by the app. If you can’t understand or interpret the permission screen, go to the apps’ website, if it has one, and see if you can get more information before downloading. Make sure you have a strong mobile security app on board to catch any malicious code.

Have you used apps that surprised you with how much or what type of data they want to collect? Tell us about your experiences on our blog, or join us on Facebook.

Your Mobile Phone + Web = Happy

Web access through our mobile phones is a gift that keeps on giving. Whether you’re in a tight situation and need to find a quick answer for a presentation, or are desperate to find a source for some shoes you just fell in love with, the mobile phone’s our best friend when it comes to instant gratification. Don’t forget to consider mobile security the next time you order those new shoes or research a test question.

Mobile safety is the order of the day. Malware authors are very busy right now finding new ways to tap into your mobile privacy, your identity and, well, your money.  Don’t be worried about mobile safety – just be aware.  Here are some reminders.

  • Watch out for phishing! Check the URL you’re accessing. If it looks odd, has even one incorrect character or contains a sub-domain you don’t recognize, don’t go there.
  • Make your purchases only from sites that are plainly secure. Before putting in a credit card number, you should see https: in the URL, and maybe a padlock symbol. If you don’t, you might be on a fake website.
  • Never click on an offer for free apps.  Buy your apps from trusted dealers. Free apps are typically re-engineered to contain bots and spyware. Avoid them. Free isn’t free.
  • Don’t respond to uninvited texts, voicemail, email or pop-ups.   

It’s just too easy to accidentally end up on a fake website, or to click on an infected ad for something that interests you. Even legit websites can contain noxious ads or links.  Needless to say, mobile malware can spoil your day, if not worse.

The only real mobile protection comes in a strong mobile security package that will alert your before your phone gets infected. Even better — its’ free!

Your smartphone can remain your best techno-friend if you stay aware of mobile safety rules, and take a few moments to protect yourself from the bad stuff.

Please share your stories about malware that’s threatened to spoil your day. We’d love to read your comments.  Share with us on our blog, or visit us on our Facebook page.

Don’t Get Trampled by Trojan Horse Malware

A new occurrence of Trojan-type malware is in the news this week. Designed for Android systems, it’s using Facebook’s newly acquired Instagram to disguise itself, and once it’s loaded, silently sends SMS messages to premium numbers from your smartphone at great expense to you, the user.

What are Trojans? We all know the story of the historic Trojan Horse that rolled into the city of Troy, full of armed Greek soldiers who surprised their enemy when the giant horse opened up. A mobile malware Trojan works much the same way. Once in your phone, it’s activated by your command to download, or by some other action you’re likely to take.

The shrewdest of this breed often travel in popular apps that’ve been cloned and restructured to accomplish their illegal tasks. Trojan malware can make your phone and all your activities transparent to the perpetrator. It can steal your passwords, contacts and personal information. It can also cost you lots of money.

The new Instagram malware was created in Russia with Russian text, but it will undoubtedly begin to appear in other languages. If one is alert and aware, there are signs that it’s fake. Blogger, Denise Richardson, explains that the fake Instagram app will allow you to look at photos, but might plant the image of a Russian man in the background of “a variety of scenes.” Creepy!

Watch for these signs when downloading an app, especially one that’s new and hot on the market, or one that you’ve purchased at a bargain price or obtained for free:

  • When you install the app, it does nothing and appears to simply be defective, it may have gone underground in your phone to send text messages or calls. Check your bills.
  • If the app’s graphics don’t look sharp, the text has an occasional misspelled word or you note odd grammar, it may be an imposter.
  • If your phone begins to be sluggish, uses too much battery or behaves differently from before, you may have downloaded malware.
  • If some of your files or app icons disappear, or your system is otherwise altered, there may be malware in your system.
  • If your friends begin receiving odd texts, voicemails or emails from you, you can be certain you have malware.
  • If your bill reflects unrealistic charges, you can be sure you have a Trojan running in the background.

The best defense? Be sure you’ve downloaded a powerful mobile security product that will protect your phone from malware, and extinguish it before it ever reaches your smartphone’s system. It’s the best way to rest easy that you won’t be inviting an unwanted Trojan or its distant cousins into your phone, and the best part is, it’s free!

Seniors and Smartphones

While baby boomers are now needing glasses and hearing aids, their communication needs continue to change, as well. In this age of advanced medical care, many boomers  themselves have living parents. For the aging and elderly, communication becomes a more critical part of life.  Smartphones and tablets are a boon for the senior community, in more ways than one.

Senior Smartphones Abound

If your Grandma and Great Aunt Mary have their own smartphones, they’re part of a growing segment of consumers. A Nielsen study claims that folks 55-64 years old represent the fastest growing group of smartphone owners.  Obviously, people in this age group aren’t necessarily hoping to look cool or wanting to fit in, but are recognizing the obvious benefits of these amazing gadgets.

Depending upon your loved-one’s age, a smartphone can provide smart shopping tips, driving directions, and emergency contact features.  Senior apps are abundant, and include everything from healthcare support to origami lessons. Elderly folks are staying in touch with their kids by playing online games, and, what grandparent doesn’t enjoy producing a magic answer for a fussy child in a restaurant?

The ability to use a touch-screen rather than having to remember how to get where they want to go is a huge plus for seniors.  Even those who have become somewhat forgetful find it easier to remember the meaning of a graphic symbol on a screen.

How Tech-Savvy is Your Senior?

Perhaps your aging loved one knows everything there is to know about using a smartphone.  However, more likely, there are aspects of the technology that are just too complex to bother with.  One of those is the threat of mobile malware.  How can we expect a senior to know all about the signs of malware, what it does and how they should react to it?  It’s a complicated piece of learning for some, who are satisfied just knowing how to dial an emergency contact number or how to use a GPS so they don’t get lost.  Elderly folks can be easily overwhelmed with too much information, especially if it’s of a technical nature or contains unfamiliar terms.

Mobile Protection for Grandma and Grandpa

The easiest, most straightforward way to protect your loved ones from mobile malware and ensure a sense of security is to download the best mobile protection product from a trusted company.  Maybe your senior smartphone owner knows that mobile malware exists, but why force him or her to get too involved in the details?

Try NQ Mobile Security

NQ Mobile Security will catch any form of malware before its able to make its way into Grandpa’s phone, and it will alert him if he’s trying to access an infected website or fake URL.  It’s easy to download, it’s free, and it comes from a trusted company with more than 126 million customers.  Let your seniors off the hook when it comes to malware, and give them the best mobile security available today.

New Malware Alert — NQ Mobile Exposes “UpdtBot”

NQ Mobile’s research team has discovered another new malware infection designed especially for Android devices. UpdtBot is transmitted via SMS messages, and shows up as an urgent alert to the smartphone user, telling them it needs to perform a system upgrade.

The malicious link for this new malware could arrive in your SMS log piggybacked onto any kind of text message, since this is how it travels and proliferates.  Once it’s in your system, it registers with and connects to a remote server, which instructs it to quietly conduct various forms of mischief, including making expensive calls and downloading and installing uninvited apps.

Our researchers think UpdtBot will prove to be exceptionally dangerous because it poses as an innocent system file.  Its creators will profit from it by sending commands to your phone to conduct stealthy, costly activities, such as making premium calls.  Unfortunately, it appears that  more than 160,000 Android users have already been affected by the UpdtBot malware.

NQ’s respected research team wants to take this opportunity to remind users of their common sense guidelines:

  1. Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
  2. Before you install an app, carefully review the “permissions” and make sure you’re comfortable with the data they’ll be accessing.
  3. Watch out for unusual or suspicious behavior on your mobile devices, such as unauthorized charges to your phone bill, text messages from unknown sources, and decreased battery life.
  4. Download up-to-date mobile security software on your mobile device, such as NQ Mobile Security, which scans your apps for malware and helps you locate a lost or stolen device.

All NQ Mobile Security users are automatically protected from UpdtBot malware, as well as all other mobile threats.   You can read more of the technical details about this malware on our NQ research site.

NQ Mobile Security offers a free download on its website.  Don’t wait until you see UpdtBot’s confusing warning show up on your phone.  It’s not worth taking a chance that this “bot” will visit your phone soon.  Download NQ Mobile Security today.