HackDig : Dig high-quality web security articles for hackers

«No Previous

Aggressive Riskware Installation on Amazon Kindle (and Android)

2015-01-13 02:30

As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices... like Amazon's Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also work on Fire OS, and reciprocally. Proof below.

Some time ago, while surfing on an old Wordpress website with his Kindle, a user got this pop-up:

Title

Legend. System kernel fix scam. Appears on Android devices and on Kindle.

Of course, it is a scam: the web page does not verify whatsoever about the system kernel and does not intend to fix anything. You'll notice the pop-up specifically mentions Android. This might alert Kindle users that something fishy is going on, however the scam works on both Android devices and on Kindle.

When you click on OK, another page gets displayed, with the obvious intent to fake the installation request of a standard application package.

Fig 1

Legend. The scam continues: this is not a system notification window, but an HTML web page to lure the victim to install the upgrade.

It does not matter whether you click on "Cancel" or "Update", both buttons redirect to the same Android application (provided the application is available in your country). It should be noted that the application works on Android and also on Kindle. This application is an Android application for a Chinese e-commerce enterprise. Strictly speaking, it is not malicious. However, it is bundled with several third party kits that send the end-user's IMEI, IMSI, MAC address and Android ID at numerous occasions, without any attempt to protect the private data. For instance, we see third party kits like Agoo, Taobao, Umeng and Usertrack which are accessing IMEI and IMSI, and also sometimes the MAC address, Android ID, ro.serialno, GPS coordinates etc. Our products block the scam URLs and the downloaded riskware. 

Many thanks to Martijn Grooten for sharing the information.

-- the Crypto Girl


Source: diordna-dna-eldnik-nozama-no-noitallatsni-erawksir-evissergga/tsop/moc.tenitrof.golb

Read:4474 | Comments:0 | Tags:No Tag

“Aggressive Riskware Installation on Amazon Kindle (and Android)”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools