Nothing will make you feel older faster than discovering that some app you’ve never heard of is the hot new thing with the youth. Did you know that Dubsmash, an app where users mash up sounds and videos to send to their friends, is the seventh most popular app on the Google Play store? But when it comes to tracking online trends, the only people savvier than teenagers are malware authors. The researchers at Avast released an exposé on a new malicious Android app claiming to be a follow-up to Dubsmash.
Knockoffs of popular apps are nothing new—just look at 2048—but Dubsmash 2 (or com.table.hockes, as Avast’s researchers call it) is a lot worse than just a fraudulent sequel. The malware sneaked onto the Google Play store and was downloaded by as many as half a million users before Google took it down. We always say that the best way to avoid Android malware is to only download apps from the Google Play store, but that doesn’t mean the service is ironclad.
Once installed, users don’t even catch a glimpse of their beloved Dubsmash. Instead, the app tries to hide itself under the unassuming moniker “Setting IS.” The icon resembles the real Android settings icon, making it even harder to root out. Launching the app brings users to the real Dubsmash page, tricking them into triggering the malware as well. But even if users never touch the app, it can still be activated remotely via its BroadcastReceiver any time the host device connects to the Internet.
The Internet is for Porn
Dubsmash 2’s ultimate function may not be quite as dangerous as other forms of mobile malware, but that doesn’t make it any less obnoxious. Clicker apps like this make money for their creators by forcing unwitting phones to click on numerous ads, pornography ads in this case, while convincing advertisers those clicks were legitimate and worth paying for. After it gets up and running, the app sends an HTTP GET request to an encrypted URL. The URL’s response causes the app to launch its “MyService” and “Streaming” functions.
Source – http://www.pcmag.com/article2/0,2817,2483968,00.asp