Vulna Adware Threatens Millions of Android Mobile Devices

Android VirusBy Steven Caponi

Researchers have confirmed that a widely used Android mobile ad library app poses a significant threat to mobile users.  The ad library has been dubbed “Vulna” (or “vulnerable and aggressive”), which allows attackers to “perform dangerous operations such as downloading and running new components on demand.”

The scope of the problem is significant—researchers “have analyzed all Android apps with over one million downloads on Google Play, and found that over 1.8% of these apps used Vulna.  These affected apps have been downloaded more than 200 million times in total.”

Developed by third-parties, mobile app libraries are used to display advertisements from other “host apps.”  This class of software also collects International Mobile Subscriber Identity (commonly referred to as “IMSI”) and International Mobile Equipment Identity (commonly referred to as “IMEI”) codes.  What makes Vulna dangerous, therefore, is its ability to amass call record details and SMS text messages, as well as allow for the execution of malicious code.

“Vulna is aggressive—if instructed by its server, it will collect sensitive information such as text messages, phone call history, and contacts.  It also performs dangerous operations such as executing dynamically downloaded code.  Second, Vulna contains a number of diverse vulnerabilities.  These vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing two-­factor authentication tokens sent via SMS, or turning the device into part of a botnet.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s