Android Malware via Ad Networks
I came across this article which explains how malicious code can be pushed on our Android phones through malicious ad networks.
I will only highlight the important points and include the countermeasures which I think we can use to at least avoid/prevent this type of malware.
1) Ads displayed within mobile apps are served by code that's actually part of those applications.
2) Application owners typically include SDKs in the application for various ad networks.
3) Not all developers verify the ad network, and if the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network are high.
4) If an ad from a malicious network is displayed, it can push a malicious payload which runs quietly in device memory.
5) Detection by AVs can be difficult, as this runs in memory and Android AVs mostly verify the APKs only.
Not so good thing:
This is a very elegant approach that doesn’t really require the end-user to do anything “wrong”.
The user could download a valid application from a valid app store, and ultimately be silently infected by a disreputable ad network.
Countermeasures:
1) Do not install applications from untrusted sources. This is configured by default under: Settings->Security->Device Administration->Unknown Sources.
2) Always verify the permissions the application is requesting.
3) Rooted phones can utilize applications like AdAway which simply block all traffic to known ad networks. (Make sure you update it frequently).
4) AVs help in at least verifying the APKs, and there are applications to detect ad networks (Lookout, Symantec, TrustGo ad detectors, etc.).
If I get some time, I will try to get a list of known malicious networks so we can manually add them to our hosts file and block all traffic to these networks.
I know these networks are dynamic but blocking can be helpful even for a short time.
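The hosts-file blocking described above, sketched as an added example (not from the original post or the linked article): it merges a feed of ad-network hostnames into existing hosts text without touching existing lines. The `.example` names and the helpers `normalize` and `merge_blocklist` are hypothetical, and using `0.0.0.0` as the sink address is an assumption.

```python
import re

SINK = "0.0.0.0"  # assumed sink address; lookups for blocked names go nowhere
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def normalize(entry):
    """Return a lowercase hostname, or None if the entry cannot be a hosts line."""
    host = entry.split("#", 1)[0].strip().lower()
    host = re.sub(r"^[a-z]+://", "", host)           # tolerate a pasted URL
    host = host.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or len(host) > 253:
        return None
    if not all(LABEL.match(label) for label in labels):
        return None  # also rejects "*.name": hosts files match exact names only
    if labels[-1].isdigit():
        return None  # an IP address, not a name
    return host

def merge_blocklist(hosts_text, entries):
    """Append sink lines for new names; existing hosts lines are left untouched."""
    present = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        present.update(name.lower() for name in fields[1:])
    added, rejected = [], []
    for entry in entries:
        host = normalize(entry)
        if host is None:
            if entry.strip() and not entry.lstrip().startswith("#"):
                rejected.append(entry.strip())
        elif host not in present:
            present.add(host)
            added.append(host)
    merged = hosts_text.rstrip("\n") + "\n" + "".join(f"{SINK} {h}\n" for h in added)
    return merged, added, rejected

# Constructed sample data: reserved .example names, not real ad networks.
EXISTING = "127.0.0.1 localhost\n0.0.0.0 ads.badnetwork.example\n"
FEED = [
    "ads.badnetwork.example",                      # already blocked
    "HTTP://Tracker.BadNetwork.example/sdk/init",  # URL form, mixed case
    "*.badnetwork.example",                        # wildcard: not expressible
    "192.0.2.10",                                  # IP address, not a name
    "cdn.badnetwork.example  # payload host",
]

if __name__ == "__main__":
    print(*merge_blocklist(EXISTING, FEED), sep="\n")
```

Hosts files match exact names only, so each subdomain a network uses has to be listed separately; wildcard and IP entries come back in the rejected list instead of being silently dropped.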
If you think there are better ways to prevent/detect this, then please share and benefit the community.