Facebook Advertising Android Malware - Security Discussion

The suggested post feature allows advertisers to target a very specific group of Facebook users, for example to only display advertisements to Facebook users who are browsing from an Android device in Spain. This is perfect for malware developers: they can ensure their malware ads are only displayed to compatible targets, no wasted ads.
Keep an eye out if you are an Android Facebook user. I would love to know if anyone has encountered this kind of malicious advertising.
Stay Safe out there everyone
http://armorfor.us/1gHkXpM

I've seen first hand malware distribution sites pick up on a mobile browser user agent, but this is just to a whole other level.
Every day I'm just that much more reminded why I never made a Facebook.

Never seen them on Facebook.
On the other hand, on XDA...

Why use Facebook, when you could use other social sites and free sites like GNU Social?

I also have heard that Facebook ads are the proven way to increase blog traffic as well as sales. We have also been trying to increase our sales and we think that the Fb ads would be best for this purpose; that's why I am going to hire one of the best Facebook ads services for that.

Facebook Error
Is this reported to Facebook?

Related

[rant] Malicious ads in common Android games

Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard thought about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks
Hi bunder9999,
My name is Saad and I work for Tapjoy. I wanted to bring to your attention that Tapjoy had already turned off and removed the developer for "battery upgrade" about 10 days ago. Please let me know if you want to discuss anything about this. You can send me email at [email protected].
Regards
Saad
Thank you. Now that I poke through my inbox, I see that you did indeed mail me back. edit: But that doesn't change the fact that you allowed the ads to begin with.
Got two emails today (surprise, surprise.)...
Rovio: "We're trying!"
Mojiva: (In so many words... yes, they were kind of nasty about it.) "Prove it or f*** off." My response: "Pull out an android device and install the malware yourself."
While I'm here, I thought I would post some comments made by some of my fellow Android users...
"i think it is awesome that you do this type of thing and more people should... you are pretty much an internet don quixote"
"more people need to step and say this type of s*** is unacceptable, and its really only apathy that doesn't stop ad companies from really taking this s*** seriously"
"your efforts are sisyphean, though noble"
I'm just going to post this here, as proof that I'm not off my nut, as Mojiva's final stance seems to be.
http://www.virustotal.com/file-scan...8bbb35635f8c6c7a044ff2b28fcd01dfa4-1326204931
edit: Rather than waste a post on something nobody seems to care about, I got another ad today, from another ad network, inmobi.
Email sent. I was a little more diplomatic in my email this time, but somehow I don't feel that they will be any more receptive than Mojiva was.
i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.
silkshocker said:
i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...
+1
mfitz8530 said:
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...
what he said
you can easily block all the Ads, and ignore all the SPAMs
i'll suggest AVAST for Android, does a great job at that, as for Ads, there are tons of 3rd party apps to block Ads
Thread moved. Would advise you to read forum rules and post in correct section.
bunder9999 said:
Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard thought about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks
I also got the same feedback once but i could easily resolve this problem with my ad distributor as they block those ads for me..
"Free App: Battery upgrade" - sleazy ads
Hi all,
I found this topic, and think that it's the good one
Since some days, I have a strange ads in my notification bar, which displays: "Free App: Battery upgrade"
I launched some tools like Lookout or AVG Antivirus, but they didn't find any malware.
Does a specific tool exist to find this kind of malware, or maybe a way to find which app raised this bad ads ?
(last installed apps is Bubble level, but many apps are updated often, so I don't have any idea of which one could cause that )
Well done ,learn more
If it can help people (and it should help ), I found the solution of my problem of sleazy ads:
I installed Airpush detector from the market (some other apps exist), which simply detects which apps contain ads (type Airpush), and proposes to uninstall them.
At the end, it's simple. I'm very happy that these kind of tool exist, but I'm very surprised that such [email protected]\`@^ ads could be displayed in the notification bar

TheTruthSpy - Cell Phone Tracker And Monitoring Software

If you are worrying about your children, and are always thinking of a medium that will help you keep an eye on them, then mobile tracker/phone track is just the answer you are looking for. Prevent your life of lies and troubles. This tracker can also be used as an online backup tool, monitor spy app as well as anti thieves. If somebody stole the phone of your child you can track everything on the phone, with or without an internet connection.
Features
- Locate phone position with high accuracy.
- Record phone calls with high quality audio.
- Listen surrounding environment, record phone surrounding.
- Read SMS : default SMS, Whatsapp, Viber.
- Track social network chatting: Facebook, Skype, Gtalk, Hangouts, Yahoo Messenger.
- Track Emails: default email, Gmail, view emails in rich content.
- Track browsing history: default browser, chrome, firefox.
- Read entire contact list: Phone number and Email address.
- Monitor applications.
- Access pictures and videos taken by the target phone.
- All history data comes with time and coordinates.
- Notifications: Sim Card changed notification.
- External Storage Manager: view folder and files.
How to use
- It takes couple of minutes to data uploaded latest data: sms, contact, web, location.
- Please play with it (open web, application; send sms, call; chat whatsapp, viber, hangouts, skype, facebook; send email to some your friends) and login to view what this tracker give you. You only play with it on web control panel on web site.
Once you install this mobile tracker on the target cell phone and register it with username and pass you can spy kid, wife, husband, lovers, friends. You can review and distance control everything on site .
Use Note
Link removed
Forum Rule 11. Don’t post with the intention of selling something.
Don’t use XDA to advertise your product or service. Proprietors of for-pay products or services, may use XDA to get feedback, provide beta access, or a free version of their product for XDA users and to offer support, but not to post with the intention of selling. This includes promoting sites similar / substantially similar to XDA-Developers.com.
Do not post press releases, announcements, links to trial software or commercial services, unless you’re posting an exclusive release for XDA-Developers.com.
Encouraging members to participate in forum activities on other phone related sites is prohibited.
Off-site downloads are permitted if the site is non-commercial and does not require registration.
Off-site downloads from sites requiring registration are NOT encouraged but may be permitted if both of the following conditions are met:
A) The site belongs to a member of XDA-Developers with at least 1500 posts and 2 years membership, who actively maintains an XDA-Developers support thread(s) / posts, related to the download.
B) The site is a relatively small, personal website without commercial advertising / links (i.e. not a competitor forum-based site with purposes and aims similar to those of XDA-Developers.com.)
Try it now, it free 48 hours
truthspysystem said:
Try it now, it free 48 hours
How is it free? It does want my CC and doesn't show download link once registered.
Please advise.
edit. right, found it. Install APK, then have 48 h trial. After that it's not a one-off but you buy plans for using the online service, starting at 14,99 $ per month for a private licence.
Not bad, good way to get your pockets full with cash every month. I certainly don't support this type of spying application, and people should be aware that using this tool without consent is highly illegal in many countries.
KeyWe - Android Keyboard for Spelling
KeyWe is an android app which helps in correcting your spelling. Just use KeyWe as your default Android keyboard and forget all your spellings as this awesome app will help you in correcting them.
Some benefits are:-
1) It helps in avoiding embarrassing typos
2) It automatically corrects your spellings.
3) It android based. So you can use it anywhere you want.
Thread closed. See Post 1.

FACEBOOK: improving ads based on apps and sites you use

Just got a email and notice from facebook stating:
We're improving ads based on apps and sites you use, and giving you control. Learn more.
Thanks,
The Facebook Team
WTF....are they kidding me...so now they are scanning my phone apps and tracking my browser....thanks but no thanks...what u guys think??
#noprivacy #wow

[App] [2.1+] [In Dev.] Block&Lock App - Block distractions on your phone

Hey,
I heard lots of requests from people wanting a solution to disable distracting apps on their phone. There are already some solutions for PC, Mac and iOS, but not many for Android.
That's why I'm developing Block&Lock. It's an app that lets you block apps for specified timeframes or always, so you don't procrastinate anymore using social media and such during work .
At the same time you can lock applications that contain private data, so you can for example hand your phone to someone without him browsing your photos.
Both feature will be integrated in one App.
The website is now live, you can subscribe to the newsletter to get each and every update! But particularly: You get the paid PRO version for FREE by subscribing: bit.ly/block-lock-app
Beta users will also be chosen from the mailing list.
Follow the official twitter account as well: twitter.com/blocklockapp.
Thanks!
Best regards!

Massive mobile advertising fraud campaign/fake virus warnings/free iphone scams/surveys

I discovered a massive mobile advertising fraud campaign that pushes fake virus warnings that trick novice Android users into installing questionable apps.
The advertiser uses JavaScript hosted on Amazon's CloudFront that uses various techniques to fingerprint the user's web browser, and if an Android device is discovered, a fake media player or fake Captcha will pop up on the user's mobile device to try and trick the user into accepting push notifications.
Once the push notifications are pushed to the mobile web browser the phone will start to vibrate and beep or in some cases play loud sirens or even spoken words along with fake virus warnings claiming the device is infected with multiple non-existent viruses that lead the user to the Google Play store to install questionable apps.
Many of the infected websites are geared towards a younger audience such as popular games and anime but also pirated software and movies and porn sites are also infected with this advertisers script.
The advertiser boasts that they are able to bypass adblockers and one of the infected websites "wallpaperaccess(.)com" has also been seen to download a malicious Android app disguised as an AdBlock app.
MD5 sum of AdBlock.apk 6f1fd359a382348b3307ed9d64eeebaa
The advertiser behind the browser fingerprinting script hosted on CloudFront is "AdMaven" out of Tel Aviv.
Near the bottom of the script, hidden using Base64 encoding with a custom alphabet, are the domain names of the websites that do the push notifications from another company out of Tel Aviv called "moviesupdates(.)com"
In some of the AdMaven scripts I've examined is the name of another advertiser out of Tel Aviv called "Taboola" and their name is also obfuscated in the script using Base64 and the custom alphabet: abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/
Almost all the domains are registered to DynaDot and NameCheap.
*Edited to add that NameCheap has turned over a new leaf and is now actively removing reported content.
Here is just a very small sample of the hundreds of infected websites:
I have emailed AdMaven and Celebsupdates/Moviesupdates and several of the infected websites regarding this fraud but did not get any response.
I'm hoping a reputable security company or ad fraud company will expose this fraud further.
**UPDATE**
It appears the researchers at Bitdefender Labs are tracking the fake adBlock app as "Teabot and Flubot" but they seem unsure as to how the fake adblock app is being propagated.
I have tried to email Bitdefender to give them additional info regarding the malware and how it's being spread through malvertising on the sites I listed above but Bitdefender's contact site is complete rubbish.
Bitdefender's article on the malware:
Bitdefender Labs: labs.bitdefender.com
Attached is a screenshot showing the malicious AdBlock.apk being advertised by the AdMaven script hosted on CloudFront:
One of the Android applications that people are frightened into downloading by the fake virus warnings is Psafe's DFNDR Antivirus/Cleaner.
Users have been tricked into installing DFNDR through fake virus warnings since 2013.
The developers claim that they do not condone these fraudulent ads and go so far as to ask users to send in screenshots of the fake virus warnings and the URL.
But this is just a ruse. It would be impossible to report on a single URL and the sites that push the fake virus warnings are created automatically.
The only way to truly stop the fake virus warnings is to go to the source of the fraudulent ads which is the AdMaven scripts hosted on Amazon's Cloudfront.
I have shared all this information with the representatives at Psafe about the fraudulent ads and how to stop it.
Psafe even requested I hold off on reporting of the fraud for 30 days which I granted but as you can see from these screenshots Android users are still being sent to the DFNDR app on the Google Play store through these scare tactics.
I have contacted Amazon to report the fraudulent ads and the drive-by downloads of the Android malware but they refuse to do anything about it.
Check the Play Store user reviews for yourself:
hxxps://play.google.com/store/apps/details?id=com.psafe.msuite&hl=en_US&gl=US
Security researcher Lukas Stefanko from ESET is now also tracking this mobile ad fraud and malicious AdBlock app.
"Some URL shortener services distribute Android malware, including banking or SMS trojans" (WeLiveSecurity, www.welivesecurity.com)
The link shorteners being used in recent scareware campaigns are on Adf.ly
It is unfortunate that the true sources of all these fake virus warnings and mobile malware and calendar spam are not being revealed in this latest report.
No mention of the CloudFront scripts or the latest script that is pushing these scareware ads and malware:
hxxps://iclickcdn(.)com/tag.min.js which is being hosted on CloudFlare servers.
While searching for websites infected with the iclickcdn script I discovered that a federal government website frequented by members of congress had also been infected.
I notified the hostmaster and several other agencies and the script was purged from the site.
A link to URL scan that shows the heavily obfuscated iclickcdn JavaScript:
https://urlscan.io/responses/04a1722238c2eb4055efcf3123981dc1cfa9a48e49be8154e4f9d6d66a1e51a6/
sloshnmosh said:
The link shorteners being used in recent scareware campaigns are on Adf.ly
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke
Oswald Boelcke said:
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke
Okay, thanks so much! I should have put cursors around the DOT of adfly so it wasn't a link.
Also, thank you so much for removing the duplicates, I was receiving errors so I was panicked when I saw I made multiple duplicate posts.
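
The custom-alphabet Base64 described in the first post of this thread can be undone by mapping each character back to its position in the standard alphabet, which lets an analyst recover hostnames hidden in a captured script. This is an added example, not code from the thread or from the scripts it discusses; it assumes the alphabet is a straight positional substitution, and the hostnames and script snippet in it are constructed placeholders.

```python
import base64
import binascii
import re

# Alphabet quoted in the post above, next to the standard Base64 alphabet.
CUSTOM = "abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/"
STANDARD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Sanity check: the custom alphabet must be a permutation of the standard one.
assert len(CUSTOM) == 64 and set(CUSTOM) == set(STANDARD)

# Assumption: character i of CUSTOM stands for 6-bit value i.
TO_STANDARD = str.maketrans(CUSTOM, STANDARD)
TO_CUSTOM = str.maketrans(STANDARD, CUSTOM)

# Quoted string literals long enough to be worth trying.
LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{8,}={0,2})["']""")
# Loose hostname shape used to decide whether a decode looks like a domain.
HOSTNAME = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def decode_custom(token):
    """Decode one custom-alphabet Base64 token; return None if it is invalid."""
    translated = token.rstrip("=").translate(TO_STANDARD)
    translated += "=" * (-len(translated) % 4)  # restore stripped padding
    try:
        return base64.b64decode(translated, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def encode_custom(text):
    """Inverse of decode_custom; used here only to build the sample input."""
    encoded = base64.b64encode(text.encode("ascii")).decode("ascii")
    return encoded.translate(TO_CUSTOM)


def hidden_hostnames(script_text):
    """Return hostnames recovered from string literals in a script, in order."""
    found = []
    for token in LITERAL.findall(script_text):
        decoded = decode_custom(token)
        if decoded and HOSTNAME.match(decoded) and decoded not in found:
            found.append(decoded)
    return found


# Constructed sample: placeholder hostnames hidden the way the post describes,
# one with padding kept, one with padding stripped, plus an ordinary literal.
SAMPLE_SCRIPT = (
    'var a = "%s"; var b = \'%s\'; var c = "serviceWorker";'
    % (encode_custom("push.example.test"),
       encode_custom("cdn.example.invalid").rstrip("="))
)

if __name__ == "__main__":
    for host in hidden_hostnames(SAMPLE_SCRIPT):
        print(host)
```

Ordinary string literals that happen to use Base64 characters are discarded because they either fail to decode or do not decode to something shaped like a hostname.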
