Airpush can distribute SMS-Trojans among users of Android

The company "Doctor Web" warned about the intense spread Trojans Android.SmsSend by advertising platform Airpush, which is used by many developers to make money on the applications they create. Demonstrated the system messages may confuse users and lead to malicious software downloads.

Virus lab experts "Doctor Web" periodically recorded complaints from users on false positives from Dr.Web for Android applications against GooglePlay_install.apk, which detected the Trojan Android.SmsSend.315.origin. After studying the problem of virus experts have confirmed the validity of the detection of the program, which is in fact a fake installer and charge for access to the free applications, sending premium-SMS to a short number. However, the treatment of such complaints are still coming. Spent on this investigation had revealed one of the sources of the spread of Trojan: it was advertising system Airpush.

As you know, many games and applications for Android are free, however, to return on investment in their creation of money and time, developers often use special systems that are built into the program and show users different advertisements. These systems, in particular, is a popular advertising platform Airpush. A typical algorithm of its work is to demonstrate the application of advertising in a specially designated place, however, some versions of the module can also display different dialog boxes when working with the program, and without it directly run. The characters in the advertisements themselves can be absolutely anything, what and exploited, so decided to distribute the Trojan Android.SmsSend.315.origin.

Thus, the demonstrated module Airpush dialog box may require download some update to the Android OS and the user is able to accept it as an official message from the operating system. After clicking on the button executes a load malicious packet that after installing and running through the process of installing the desired application, in this case - GooglePlay. In reality, the Trojan creates the appearance of only the installation process, and then displays the link to download this catalog Google Play, simultaneously devastating the user's mobile account in the amount of from 170 to 240 rubles.