Fake Google+ App Delivers Fraudulent SMS and Ad Spam

The NQ Mobile Security Center has detected new Android malware masquerading as a Google+ app. The fake app is an SMS worm, and when activated, sends text messages to all of your contacts encouraging them to download the fraudulent app, as well. In addition, the app loads AdMob ads on your phone, resulting in malicious popups that can lead to further app downloads if you aren’t careful.

FraudPlus, otherwise known as a.fraudware.selfmite.a, infected 90 users in 28 countries before it was caught and neutralized. NQ Mobile Security users are protected from any further outbreaks of this virus.

FraudPlus downloads were limited to 3rd party app stores, so folks who exclusively download their apps from Google Play were protected in this case, unless the malware was sent to them by SMS.

Countries affected by FraudPlus

Countries affected by FraudPlus

Package Name: com.google.gsn.plus

SMS Samples (links now redirect to 404 pages):

  1. Hey, try it, its very fine. http://x.co/5XBNm
  2. b. Hi buddy, try this, its amazing u know. http://x.co/5XXHl

Malware Screenshots:

FraudPlus Screenshot     FraudPlus screenshot

Permissions Requested:


Protect Yourself from FraudPlus:
NQ Mobile Security users are already fully protected from FraudPlus and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent damage from future threats:

1. Only download applications from trusted and reputable app stores and markets—think Google Play.

2. Always check reviews, ratings and developer information before downloading apps.

3. Never accept app download requests from unknown sources.

4. Closely monitor requested app permissions to be sure the app is accessing no more than what it needs to. That flashlight app requesting your location? Yeah, your gut is correct, that makes no sense so take a pass.

5. Be alert for any unusual behavior exhibited by your mobile phone—it can be a sign of malware. If you find yourself in a situation like this it’s time to run a quick anti-virus check.

NQ Mobile Security for Android is available for download at nq.com and on Google Play.

Catch Up With the Latest News from NQ Mobile’s Research Team

Around the globe, NQ Mobile’s team of security professionals are taking the pulse of the mobile landscape every day. They report back all the good news – like, about how we consumers are doing better at protecting our mobile devices – and sometimes they have some less-than-pleasant news to report. Unfortunately, that’s the kind of news they have for us this week.Malware discoveries by year

Our researchers are noticing an increase in skilled hackers partnering up with criminals by selling them data that they’ve stolen. In turn, cybercriminals are using the info they purchase to get access to the finances of consumers like you and me. They use tricky methods that, in the mobile business, are called “social engineering.” In simple terms, they manipulate unwitting consumers into giving up their valuable confidential information.

Tremendous growth, worldwide

Our professionals estimate that more than 10 million devices have already been infected in the first quarter of this year!  Here are some of their key findings:

  • Over 32.8 million Android devices were infected in 2012 vs. 10.8 million in 2011 – a whopping increase of over 200 percent
  • The top five markets for infected mobile devices were China (25.5%), India (19.4%), Russia (17.9%), United States (9.8%) and Saudi Arabia (9.6%)
  • 65% of malware discovered in 2012 falls into a broader category of Potentially Unwanted Programs (or PUPs). PUPs include root exploits, spyware, pervasive adware and Trojans (surveillance hacks)
  • 28% of mobile malware discovered in 2012 was designed to collect and profit from a user’s personal data
  • 7% of malware was simply designed to make a user’s device stop working (i.e., “bricking” their phones)

Our Co-CEO, Omar Khan, said “The security industry’s ‘discover-first-and-inoculate-second’ strategy is no longer enough,” said Omar Khan , Co-CEO, NQ Mobile. “We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”

What we can do as consumers

The very first step we can take is to make sure we have the strongest mobile security Global infection ratesproduct available on our mobile devices. When purchasing a new phone or tablet, make this your first priority. If you already own mobile devices, take a moment to get them protected from all the viruses, scams and malware that have the potential to invade your privacy and steal your assets.

Cyber criminals get trickier every day. As consumers, we need to get ahead of them and become a cohesive force to thwart their illegal activities. Cyber crime is no joke. Don’t wait until it happens to you. No one’s exempt. Protect the privacy and well-being of your family and business as a first priority.

Read our news release for more information.

Cross-Platform Attacks are Real

Computers and Smartphones aren’t so different.  Researchers at NQ Mobile Security Center identified and confirmed a surprising new threat that showed up last month on Google Play.

Syncing up your mobile gadgets using your PC’s USB port is routine stuff, but could an electronic infection be exchanged in the process? Apparently, yes.

Here’s how it works

Security experts discovered that a new malware was able to hijack a legitimate Android cache-cleaning app. The malware came to life when a mobile device was synchronized with a PC using the computer’s USB port. You know how when you plug something into a PC port or drive, the “auto-run” feature kicks in? This malicious app delivered a “USB AutoRun Attack.”

Here’s what it can do

This sinister variety of malware can be designed to target the Autorun.inf file in your Windows-based computer system, sending worms or Trojans across that try to load a rootkit. The worm tries to copy itself to all the PC’s drives, including removable ones such as flash drives, as well as mapped network drives. Some of these treacherous worms will also try to disable your Windows anti-virus software.

Even worse…

This type of malware is able to deliver multiple instances of something used by Windows called “svhosts.exe” files to your computer during the mobile syncing process. Through an engineered “back door” to the files, cyber criminals can gain access to a PC, and download files that steal data and capture keystrokes–-such as bank account numbers. The data is typically encrypted and sent to locations such as the Ukraine, Russia or Brazil. The virus can store its ill-gotten treasure on your phone’s SD card, or any other non-system Android folder in your mobile device’s memory.

Not surprising

If you make your living developing mobile malware, and you spend hours looking for ways to quickly and efficiently multiply your demons, it would make logical sense to design them so they are able to transmit themselves between a PC and a mobile device. It was only a matter of time. Experts call this kind of exchange a “cross-platform attack.” Makes sense.

What to do

Mobile security apps provide ongoing protection beginning before the download of apps and software. NQ Mobile Security™ detects and quarantines this malware prior to installation of the malicious files on an SD card.

Given the malware threat posed by the Autorun.inf file, here’s some info that may help:

Windows XP/Vista users:

Have you downloaded this February, 2011 Windows patch? AutoRun disabled by default”?

If not, be sure to get it at http://support.microsoft.com/kb/97102 to avoid this cross-platform malware problem.

Windows 7 & 8 users

Lucky you! Microsoft fixed this issue with Windows 7 and 8, disabling the AutoRun feature by default.

A further option is detailed in our White Paper, which you can read here.

As the world’s largest mobile security provider, NQ Mobile believes families should possess the most comprehensive knowledge base on all aspects of mobile security and privacy when using Android, BlackBerry, Symbian, Windows Phone and Apple iOS devices. NQ Mobile aims to inform and educate families on the current and future threats and suggest simple methods on how to stay safe and free from unwanted charges when using a mobile device.

Join the discussion on Facebook or comment on our blog. We’d love to hear from you.

Mobile Malware Alert: “Bill Shocker” Can Cost Users Money

New mobile malware’s been discovered

NQ Mobile’s Security Research Center has unearthed a nasty piece of malware called “Bill Shocker.” Using our proprietary RiskRanker™ cloud scanning engine, our engineers have confirmed this disturbing discovery.

What makes it shocking? First, it’s potentially one of the most costly viruses yet discovered. In addition, it’s already impacted over 600,000 users in China, and presents a potential threat to Android devices worldwide.

How this particular infection spreads

Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News. Third-party online app stores and retail installation channels are distributing the infected versions of these apps, which is allowing them to spread like wildfire.

What Can Bill Shocker Do?

Bill Shocker malware silently downloads itself in the background of your mobile device without your knowledge. It takes remote control of the device, including your contact list, Internet connections, dialing and texting functions. Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges.

NQ Mobile’s RiskRanker system identifies potentially dangerous apps before they have the opportunity to impact users’ phone bills. RiskRanker determined that the Bill Shocker malware is capable of upgrading itself and automatically expanding to other apps, multiplying its potentially disastrous effects.

What we’re doing about it

Because Bill Shocker can be used to send costly messages remotely, NQ Mobile believes it poses a serious threat to Android users.

  • We’ve already inoculated our cloud-based NQ Mobile Security product to keep our customers safe.
  • As a public service, NQ Mobile has posted an anti-malware app to help protect all Android users. It can be found here.
  • Our researchers have alerted Chinese mobile carriers of the threat to prevent the spread of these kinds of threats.  We’ve also provided our RiskRanker cloud-scanning engine to China’s top mobile carriers including, China Mobile and China Unicom as well as Baidu Mobile Services, to help them prevent any further spread of malicious mobile viruses.

NQ Mobile technology helps to curb the spread of malware such as Bill Shocker and variants across borders and oceans. However, this is an important reminder that these threats are very real and can have devastating effects. With its proprietary threat detection system that includes the collective intelligence provided by users in more than 150 countries, NQ Mobile finds most threats before anyone else.

Our tips to avoid mobile infection

To avoid becoming a victim of mobile malware, our experts ask you to follow some common-sense guidelines for smartphone security:

1) Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.

2) Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.

3) Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the “Bill Shocker” threat.

NQ Mobile Security for Android is available for download from our website, and on Google Play.

Read our news release.


Today Ars Technica reported that as many as 185 million smartphone users could expose their online banking and personal data through apps that have inadequate encryption protection — disturbing news for Android users.

Computer science researchers at two German universities identified 41 applications in Google’s Play Market that “leaked sensitive data as it traveled between handsets on the Ice Cream Sandwich version of Android and webservers for banks and other online services.”

Researchers were able to obtain bank account information and payment credentials for services such as PayPal and American Express, as well as info from Facebook, email messages, IP cameras and remote servers.

The results of the study were presented at this week’s Computer and Communications Security conference in North Carolina. Considering the number of apps being developed and released on the market every day, it’s not surprising there are glitches and loopholes, but it’s a bit unnerving to glimpse the depth of the potential for security breaches in apps we use every day.

We have tips. Lots of them.  But, here are a few of the most important ways to protect your safety and security on your smartphone:

1)     Always have a powerful mobile security app downloaded into your smartphone.  We can’t stress this strongly enough. A simple-to-use app like NQ Mobile Security will prevent others from violating your privacy, and will catch problems before they ever reach your handset.

2)     Use unique passwords for your financial transactions, and change them frequently. Let your phone lock after even short periods of idleness.

3)     Don’t overshare on Facebook. Ever.

4)     Look for reviews on apps you want to download, and purchase them from reliable sources. Not all app developers are as conscientious about security as they might be. Let’s do our homework.

5)     Never ignore updates. Keep your equipment up to date and your system clear of unnecessary data.

It’s important to become educated about mobile security and safety. October is National Cyber Safety Awareness Month, and there are hundreds of resources available for families, educators and businesses for learning the best smartphone practices. Check out NCSA’s website for tips and learning materials, and see NQ Mobile’s Family  website for even more information on how to keep your family mobile-safe.

Watch Out for VDLoader – New Malware Delivers Bad Apps Via SMS

NQ Mobile researchers discovered yet another malware threat for Android this week. Much like last week’s discovery of DyPusher, this one, called VDLoader, has an added feature – it pushes infected apps and URLS, but also pushes its own upgrades.

What is it?

To refresh your memory, an app-pusher is disguised malware that “pushes” unwanted apps and URLs into your smartphone’s system, obeying commands from a remote server. This one masks itself on your phone as an SMS text message. Once you click on the details of the fake message, it goes to work downloading infected apps.

Our scientists say VDLoader not only causes unnecessary consumption of data leading to potential financial loss, but introduces some serious security threats to your Android phone, as well.

How can you tell if VDLoader’s in your smartphone?

Unfortunately, you can’t. You won’t see an icon or any other evidence of VDLoader on your phone. You’ll only see fake text messages from unknown senders. This malware kicks into action once you click on a link within the SMS message where it’s hiding.

What to do?

NQ Mobile Security users are already fully protected from VDLoader and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent any damage from VDLoader (and other threats):

  • Avoid and delete uninvited or unfamiliar text messages. If you do open one, don’t click any links contained in the message.
  • Only download applications from trusted sources, reputable application stores, and markets.
  • Be sure to check reviews, ratings, and developer information before you download anything.
  • Never accept application requests from unknown sources, and closely monitor permissions requested by any application. An application shouldn’t request permission to do more than what it says it will do in its privacy policy.
  • Look out for unusual behavior on your smartphone, such as your device shutting down unexpectedly or displaying constant pop-up messages.
  • Download NQ Mobile Security for Android today to make sure you’re protected against mobile malware and other privacy threats.

Do SMS (text) messages ever show up on your phone from unfamiliar senders? What do you usually do with them? Have you ever been stung by SMS malware? Tell us your stories about unwanted text messages here on our blog, or on our Facebook page.