Legitimate apps modified to serve ads and offered on Android Market
Posted on 22 November 2011.
When there's easy money to be had, crooks usually don't care who will end up losing it - and cyber crooks are no exception to that rule.

Here's a quite recent example: Kaspersky Lab expert Tim Armstrong has discovered that an Android app developer has effectively used the source code of a legitimate app made by another developer, added to it a Pay-Per-Install library and has been spotted offering it on the Android Market.

The original app is named ElectricSleep and aims to improve the quality of the users' sleep by waking them during a light phase of their sleep cycle. Unfortunately, the stealing developer decided to keep that name, creating confusion and making the theft easier to spot by the original developer.

The only effective difference one can initially spot between the two apps is that the legitimate one does not ask for permission to access the users' network-based and GPS location.

An in depth analysis revealed that the aforementioned Pay-Per-Install library is part of a software development kit of AirPush - a company that specializes in pushing ads to end users through apps:

So what's in it for the stealing developer? According to the company site, he (or she) gets from $6 to $40 for every 1,000 users who see a particular ad.

"While these Pay-Per-Install services are not illegal, they can be intrusive, and stealing apps just to add on advertising code is definitely in violation of the Android developer License agreement," points out Armstrong, and adds that while the stolen and modified ElectricSleep app has been removed from the Android Market, the stealing developer still retains his account and will surely continue with these dirty tricks.

As always, users are advised to closely check the permissions asked by each app they plan to install and be critical in their final decision.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st