Massive mobile advertising fraud campaign/fake virus warnings/free iphone scams/surveys - General Topics

I discovered a massive mobile advertising fraud campaign that pushes fake virus warnings that trick novice Android users into installing questionable apps.
The advertiser uses JavaScript hosted on Amazon's CloudFront that uses various techniques to fingerprint the user's web browser, and if an Android device is discovered, a fake media player or fake Captcha will pop up on the user's mobile device to try and trick the user into accepting push notifications.
Once the push notifications are pushed to the mobile web browser the phone will start to vibrate and beep or in some cases play loud sirens or even spoken words along with fake virus warnings claiming the device is infected with multiple non-existent viruses that lead the user to the Google Play store to install questionable apps.
Many of the infected websites are geared towards a younger audience such as popular games and anime but also pirated software and movies and porn sites are also infected with this advertisers script.
The advertiser boasts that they are able to bypass adblockers and one of the infected websites "wallpaperaccess(.)com" has also been seen to download a malicious Android app disguised as an AdBlock app.
MD5 sum of AdBlock.apk 6f1fd359a382348b3307ed9d64eeebaa
The advertiser behind the browser fingerprinting script hosted on CloudFront is "AdMaven" out of Tel Aviv.
Near the bottom of the script, hidden using Base64 encoding with a custom alphabet, are the domain names of the websites that do the push notifications from another company out of Tel Aviv called "moviesupdates(.)com".
In some of the AdMaven scripts I've examined is the name of another advertiser out of Tel Aviv called "Taboola" and their name is also obfuscated in the script using Base64 and the custom alphabet: abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/
Almost all the domains are registered to DynaDot and NameCheap.
*Edited to add that NameCheap has turned over a new leaf and is now actively removing reported content.
Here is just a very small sample of the hundreds of infected websites:
I have emailed AdMaven and Celebsupdates/Moviesupdates and several of the infected websites regarding this fraud but did not get any response.
I'm hoping a reputable security company or ad fraud company will expose this fraud further.
**UPDATE**
It appears the researchers at Bitdefender Labs are tracking the fake adBlock app as "Teabot and Flubot" but they seem unsure as to how the fake adblock app is being propagated.
I have tried to email Bitdefender to give them additional info regarding the malware and how it's being spread through malvertising on the sites I listed above but Bitdefender's contact site is complete rubbish.
Bitdefender's article on the malware:
Bitdefender Labs
Daily source of cyber-threat information. Established 2001.
labs.bitdefender.com
Attached is a screenshot showing the malicious AdBlock.apk being advertised by the AdMaven script hosted on CloudFront:
One of the Android applications that people are frightened into downloading by the fake virus warnings is Psafe's DFNDR Antivirus/Cleaner.
Users have been tricked into installing DFNDR through fake virus warnings since 2013.
The developers claim that they do not condone these fraudulent ads and go so far as to ask users to send in screenshots of the fake virus warnings and the URL.
But this is just a ruse. It would be impossible to report on a single URL and the sites that push the fake virus warnings are created automatically.
The only way to truly stop the fake virus warnings is to go to the source of the fraudulent ads which is the AdMaven scripts hosted on Amazon's Cloudfront.
I have shared all this information with the representatives at Psafe about the fraudulent ads and how to stop it.
Psafe even requested I hold off on reporting of the fraud for 30 days which I granted but as you can see from these screenshots Android users are still being sent to the DFNDR app on the Google Play store through these scare tactics.
I have contacted Amazon to report the fraudulent ads and the drive-by downloads of the Android malware but they refuse to do anything about it.
Check the Play Store user reviews for yourself:
hxxps://play.google.com/store/apps/details?id=com.psafe.msuite&hl=en_US&gl=US

Security researcher Lukas Stefanko from ESET is now also tracking this mobile ad fraud and malicious AdBlock app.
Some URL shortener services distribute Android malware, including banking or SMS trojans | WeLiveSecurity
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
www.welivesecurity.com
The link shorteners being used in recent scareware campaigns are on Adf.ly
It is unfortunate that the true sources of all these fake virus warnings and mobile malware and calendar spam are not being revealed in this latest report.
No mention of the CloudFront scripts or the latest script that is pushing these scareware ads and malware:
hxxps://iclickcdn(.)com/tag.min.js which is being hosted on CloudFlare servers.
While searching for websites infected with the iclickcdn script I discovered that a federal government website frequented by members of congress had also been infected.
I notified the hostmaster and several other agencies and the script was purged from the site.
A link to URL scan that shows the heavily obfuscated iclickcdn JavaScript:
https://urlscan.io/responses/04a1722238c2eb4055efcf3123981dc1cfa9a48e49be8154e4f9d6d66a1e51a6/
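
The custom-alphabet Base64 described in the first post can be reversed by mapping each symbol back to the standard alphabet and then scanning a script's string literals for values that decode to hostnames. The following is an added example, not part of the original post or of the script it analyses; the sample script text, the `push.example.test` host and all function names are constructed for illustration.

```python
import base64
import re

# Alphabet quoted in the post; it replaces the RFC 4648 Base64 alphabet.
CUSTOM = "abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/"
STANDARD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
assert len(set(CUSTOM)) == 64, "alphabet must contain 64 distinct symbols"

_TO_STANDARD = str.maketrans(CUSTOM, STANDARD)
_TO_CUSTOM = str.maketrans(STANDARD, CUSTOM)

# Quoted JavaScript string literals made only of Base64 symbols.
STRING_LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/]{8,}={0,2})\1""")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def decode_custom(token: str) -> bytes:
    """Decode one custom-alphabet token; raise ValueError if it cannot be one."""
    body = token.rstrip("=")
    if not body or any(ch not in CUSTOM for ch in body):
        raise ValueError("token contains symbols outside the alphabet")
    if len(body) % 4 == 1:
        raise ValueError("impossible Base64 length")
    standard = body.translate(_TO_STANDARD)
    standard += "=" * (-len(standard) % 4)  # restore padding if it was stripped
    return base64.b64decode(standard, validate=True)


def encode_custom(data: bytes) -> str:
    """Inverse of decode_custom, used here only to build test input."""
    return base64.b64encode(data).decode("ascii").translate(_TO_CUSTOM)


def find_hidden_hosts(script_text: str) -> list[tuple[str, str]]:
    """Return (literal, hostname) pairs for literals that decode to hostnames."""
    hits = []
    for match in STRING_LITERAL.finditer(script_text):
        token = match.group(2)
        try:
            text = decode_custom(token).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # ordinary identifier or unrelated data
        if not text.isprintable():
            continue
        for host in HOSTNAME.findall(text):
            hits.append((token, host))
    return hits


def build_sample() -> str:
    """Constructed stand-in for an obfuscated tag script (not campaign code)."""
    hidden = encode_custom(b"push.example.test")  # placeholder host
    return (
        "/* constructed sample */\n"
        'var ua = "userAgent";\n'
        f'var cfg = ["{hidden}", "not base64 at all"];\n'
    )


if __name__ == "__main__":
    for literal, host in find_hidden_hosts(build_sample()):
        # Print defanged, in the same style the post uses for domains.
        print(literal, "->", host.replace(".", "(.)"))
```

Hostnames recovered this way from a saved copy of a script can be fed into a blocklist or used to search proxy and DNS logs for affected devices.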

sloshnmosh said:
The link shorteners being used in recent scareware campaigns are on Adf.ly
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke

Oswald Boelcke said:
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke
Okay, thanks so much! I should have put cursors around the DOT of adfly so it wasn't a link.
Also, thank you so much for removing the duplicates, I was receiving errors so I was panicked when I saw I made multiple duplicate posts.

Related

Important notice to all Chef's and users regarding the 6.5 rom removal Hoax

EVERYONE need to read this thread in the link below, please post this other threads related to this, BTW it discusses that this is James Young is a HOAX read the last couple of posts
http://forum.xda-developers.com/showthread.php?t=492330
Admins: Just talked with Microsoft being my profession and this was not sitting good with me since it was missing A. a contact phone number and for these cases it must also contain a Digital Signature with that being said they said it is fraud, I gave them the link here and they verified that they do not have a James Young employee and that the email extension [email protected] is not valid furthermore they said on their notices they will also have a phone number for the person(s) to call and correspondence is done through written. I will be receiving an email with the case number and contact information for the antipiracy case manager who verified the information and will forward it to the Admins here and at PPCGeeks as well. If one of the Admins here can PM their email addy so I can send the email to them for future verification on these types of notices.
More info on the Ms Hoax please pass this info along to all sites and admins...
http://pocketnow.com/index.php?a=portal_detail&t=news&id=7041
Microsoft Impersonator Sends Fraudulent Letters, Disrupts Community
Posted by Chuong Nguyen
March 13th, 2009 at 02:53 PM
It turns out that there may be an impersonator lurking around disrupting Windows Mobile communities. In response to an article that was posted this morning about Microsoft demanding that Windows Mobile 6.5 ROM images that were cooked unofficially be taken down, our own Microsoft MVP Adam Z. Lein spotted that the guy responsible for the letter to XDA-Developers may be a fraud, as was posted on PPCGeeks.
A similar hoax had occurred before at msmobiles in regards to Windows Mobile 6.5 screenshots. In the cease and desist letter to msmobiles, the gentleman claiming to be with Microsoft's legal department asked the site to remove screenshots of the forthcoming operating system. The letter was sent after Microsoft had publicly announced and shown the very screenshots at Mobile World Congress 2009. According to msmobiles: "In any case, if it is genuine action on behalf of Microsoft, it is a case of extreme incompetence that this guy is showing because he is requesting removal of pictures of something that has been officially announced few days earlier." It should also be noted that pocketnow.com had posted screenshots and news of Windows Mobile 6.5 before, during, and after Microsoft's Mobile World Congress announcement and we did not receive a cease and desist letter.
The community over at msmobiles performed some additional investigations and found that the gentleman, James Young, sent emails originating from IP addresses in London and not from Microsoft's corporate headquarters in Redmond, Washington, leading many to believe that he is not connected with the software giant. Additionally, emails were sent from [email protected], and not at a "@microsoft.com" email address.
Whatever the case may be, other forum members in our original post here at pocketnow.com made mention that only the Windows Mobile 6.5 cooked ROM made by ROM chef Da_G was affected and 6.5 ROMs for other HTC-made devices were seemingly okay.
i only hope it is a hoax
If you read the links I posted you will see that some users and some who work for M$ verified that it was a hoax...
Thanks for this.
It has been raised in the Moderators Forum.
I'll close this thread now because there are a few of them floating around, might as well keep the discussion focused.
Might I suggest that if this is found to be a hoax, the site admin (or a moderator maybe) will let you know. We would appreciate it if anyone who has had a takedown notice by the admin adheres to it until further notice from xda.
Regards,
Dave
I'll re-open this thread for discussion.
Can I request that if Flar removed your ROM images / links that you do not re-add them until you hear from Flar (or maybe a moderator).
The takedown notice for those images may be genuine.
Thanks
Dave
thank you Dave,
question, since this has affected several hosting sites, what would be the best way to get them to re-think their decisions ? To me I think is not going to be a easy task to do since they are now very unsure of where they stand..legally that is..I doubt the M$ is going to come right out and tell them "all is well"
Who ever this guy is..he hit a very tender spot and if it was not for a minor slip up this may not have been nipped in the bud as quick as it was..
I have unlimited bandwidth and file space to host...
I am just unsure of the "legality" of ROM images in the US on a file server.
If they are considered legit, and do not contain any illegal software in the ROM image itself, I would be more than willing to host on my 100MBit web server.
What a p*ss take but to be honest someone should have noticed the extension on the email address!!! Or even checked into it... "Just want to clarify not pointing the blame @ anyone"
I know now XDA has to do their research on this and comply with any thing that has happened till the all clear is called.
Just shame the amount of disruption this has caused to chefs and users alike....
With regards hosting sites i think that they will be fine as i imagine the flagged ROMs were reported by the offender and most hosting sites do not have enough time to check every upload to their servers....
Not sure i got anything else to say except lets all get back to usual.....
stylez said:
With regards hosting sites i think that they will be fine as i imagine the flagged ROMs were reported by the offender and most hosting sites do not have enough time to check every upload to their servers... I have personally had to initiate a DMCA, send it, and follow up with individuals before, as well as removing illegal material from some of the websites our current and former clients have hosted.
Not sure i got anything else to say except lets all get back to usual.....
I can speak to that since I am a partner with a game and web hosting company. We do look at the individual files on the box to determine if the reported apps or media violates either our Terms of Service or any copyright laws. We also check into each "report" we get to determine if the report is legitimate, and we do investigate IPs and domains, to determine if they are valid.
In our arena, we do get gaming guilds who pretend to be official companies who try to get us to take down a competitors site or server.
We have also used copyright DMCA ourselves, and we do send email notification, but ONLY after a written certified letter is sent. The email is sent to the listed contact of the company and contains a copy of what was sent via certified mail.
We do this since we normally engage in unofficial conversation if someone has used our copy-righted material to save us money, as most of the time they use it without knowing they can't.
As far as the DMCA goes, we can send notice using our own attorneys, but we HAVE to hire local counsel to serve any legal action notice if we end up going that route. However, we do have a choice of mediation and litigation clause which allows us to use the laws of and conduct legal activity in the state our company is registered in. MS would have to do the same thing.
so when will roms be back? will everyone have to re post them themselves?
If it's truly found to be a hoax, I'd sure hate to be "James Young", or whatever his real name is. He may quickly become the target of thousands of hackers. I would imagine with the combined power of everyone affected, he could find himself with:
An Empty Bank Account
Homeless
Late Vehicle Registration/Stolen Vehicle
On the FBI's Most Wanted List/On MI6's Most Wanted List
His Face In Porn Movies/Beastiality Movies
A Failed Drug Test at Work
On People Magazine's Worst Dressed List
etc, etc...
More info from another thread.
By Dereth
this guy obviously has no life....
he sends these to the pirate bay all the time:
http://static.thepiratebay.org/ms-loveletter.txt
and read this email at the bottom it states the copyright on the email.
http://static.thepiratebay.org/sega_mail.txt
"IMPORTANT: The contents of this email and attachments are confidential
and may be subject to legal privilege and/or protected by copyright.
Copying or communicating any part of it to others is prohibited and may
be unlawful. If you are not the intended recipient you must not use,
copy, distribute or rely on this email and should please return it
immediately or notify us by telephone. While we take every reasonable
precaution to screen out computer viruses from emails, attachments to
this email may contain such viruses. We cannot accept liability for loss
or damage resulting from such viruses. We recommend you carry out your
own virus checks."
Tell ya what this guy been everywhere!!!
Last month, Ars reported that Microsoft's Windows Media Audio (WMA) digital rights management protection had been cracked, and a program called FairUse4WM had been written that would strip DRM data from purchased audio files. Microsoft was aware of the workaround, but did not seem too concerned, merely stating that "we designed the Windows Media DRM system to be renewable, so that if such events occur the system can be refreshed to address them." Now it seems that the company has gone a little further than that, sending out cease and desist orders to web sites hosting the FairUse4WM program. According to the owner of the web site BG4G, the orders came in via e-mail.
The notices are of a standard boilerplate format, claiming that the sites are "offering unlicensed copies of, or is engaged in other unauthorized activities relating to copyrighted works published by Microsoft." The copyrighted works are Windows Media Player 10 and 11, and the unauthorized activities are listed as "offering 'Cracks' or 'Product Keys', intended to circumvent technical measures that control access to Microsoft's copyrighted works and that protect Microsoft's copyrights in those works."
The "Demand for Immediate Takedown" e-mail comes from a James Young, "Internet Investigator," who claims to be acting on behalf of Microsoft Corporation. The interesting thing about the e-mail is that it makes no mention of the DMCA, which is the one law that would make FairUse4WM (which does not contain any copyrighted code, portions of Windows Media Player, nor any copyrighted music files themselves) illegal. The DMCA contains provisions against programs that attempt to circumvent copy protection. It also provides a "safe harbor" for Internet Service Providers and web hosts that take down files in a certain amount of time (usually 10 to 14 days) after a warning letter has been received.
The DMCA is a US invention and applies only in the United States, but many companies have attempted to use it outside their country's borders. The notice advising web sites to take down the FairUse4WM program came from the domain Microsoft-Antipiracy.com, which according to DNS records belongs to Microsoft but is actually administered by the ISP Nildram Ltd, which is based in the UK (the web site itself redirects to a page on microsoft.com).
Microsoft has not commented on the takedown notices, but they would be consistent with the sorts of notices given to web sites hosting cracks for other media-related copy protection. In the case of FairUse4WM, the problem may be somewhat more urgent from Microsoft's perspective, as the subscription-based model used by many DRMed WMA online music stores allows downloading an unlimited number of songs, but they can only be listened to for as long as the subscription is active
More reading regards this:
http://jamesholden.net/2007/04/25/microsoft-didnt-issue-takedown-notices-for-fairuse4wm/
Tell you what though there is a hell of a lot of letters and some of them going back as far as 2004 from what i'm reading lets hope that XDA can nip this in the bud...
this is all nice to be a freelance paid by M$ or ? black M$ funds haha. its way back to .... that this guy is scaring on the inet for them . SO XDA WHAT WILL BE RESPONSE TO ALL CLOSED THREADS
edit : i want my thread back restored from backup hehe red lines removed . WHEN ?
Use common sense, people! (Admins mainly)
IF Microsoft would have sent any of such letters, it would require you to remove ALL of their products, not just one - isn't it obvious?
I cannot imagine msoft asking xda to remove anything WM6.5 related, but not mentioning WM6.1 and WM6.0 ROMs and files
It's like Sony would have ask i.e. The Pirate Bay in a C&D letter to remove links to just 1 movie torrent and not mention links to all other Sony-owned movies present there.
I don't think it ever happened that way.
And letter coming from microsoft-antipiracy.com ? That's a no brainer LOL! It's as credible as if it would have come from microsoftsucks.org
Sure it's a hoax.
You've been pwnd
http://who.godaddy.com/WhoIs.aspx?domain=microsoft-antipiracy.com&prog_id=godaddy
http://msmobiles.com/news.php/8059.html
http://pocketnow.com/index.php?a=portal_detail&t=news&id=7041
http://www.chillingeffects.org/dmca512/notice.cgi?NoticeID=4780
http://brian.carr.name/mscompln.htm
F2504x4 said:
More info from another thread.
By Dereth
this guy obviously has no life....
he sends these to the pirate bay all the time:
http://static.thepiratebay.org/ms-loveletter.txt
and read this email at the bottom it states the copyright on the email.
http://static.thepiratebay.org/sega_mail.txt
"IMPORTANT: The contents of this email and attachments are confidential
and may be subject to legal privilege and/or protected by copyright.
Copying or communicating any part of it to others is prohibited and may
be unlawful. If you are not the intended recipient you must not use,
copy, distribute or rely on this email and should please return it
immediately or notify us by telephone. While we take every reasonable
precaution to screen out computer viruses from emails, attachments to
this email may contain such viruses. We cannot accept liability for loss
or damage resulting from such viruses. We recommend you carry out your
own virus checks."
Interesting... the confidentiality notice is often a sub mail server attachment, meaning it's attached to the email as it leaves the company's mail servers, not when it leaves the user's outbox... There are universal clauses out there, but since this one matches pretty much 100% it would be safe to say that the company James Young mailed it from and this company are one and the same, or connected through a parent or something like that. Here is the one that my company attaches once the emails leave our intranet and go out:
This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of <removed>. Subject to applicable law, <removed> may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or error-free. This message is subject to terms available at the following link:
James probably worked there at the same company that sent the sony notice and got fired, so he's taking it upon himself. Maybe he got served a notice, and got mad that everyone else has it so he is sending out notices himself as a revenge plot... who knows... he has issues that's all.
Good news for xda developers :
http://www.duttythroy.net/component...crosoft-and-htc-say-ok-to-xda-developers.html
http://tweakers.net/nieuws/59043/microsoft-xda-developers-illegaal-maar-we-pakken-ze-niet-aan.html
Thanks and regards

Movie Player... Trojan?

Referring to an article published on a Norwegian mobile site mobilen.no
Google Translation:
The operating system Android has previously been criticized for lack of security.
Now it turns out that the scammers for the first time have managed to flea the Android users money by spreading a known trojan - an application that may look innocent, but which in reality is a virus.
"Invisible" SMS-payment
The security company Kaspersky Lab to warn of the threat. The current Trojan called simply MOVIE PLAYER, but has not been available in the Android Market. Instead, users have downloaded the trojan via a variety of websites, which is easy because the user can install what they want on mobile.
When MOVIE PLAYER is installed on the mobile phone will send out expensive SMS is without users noticing it. Mobil.se report that Swedish Android users who have downloaded the Trojans want to call several Russian mobile numbers without country code, which fortunately only works in Russia. Still, warns David Jacoby in Kaspersky Lab that there is nothing that prevents Trojans to update itself and find local payment numbers in the new country.
According to Kaspersky Lab's MOVIE PLAYER the first Trojan that is specifically aimed at operating system Android. The same security company has previously warned that especially Android and Symbian will be the hackers future terrorist targets.
Google's Android operating system based on open source, which has received a number of skeptics to argue that it is not as safe as other OS. There are also stand-up for anyone to publish applications in the Android Market, the app store almost censor any content.
The advantage of such a system is that it aims to increase innovation in application development, and that there is a free and unfiltered market. The disadvantages include a large number of useless apps, not to mention that it is easier to spread viruses.
Yeah, why does a movie player need permission to send SMS? Call it SMS Spammer and its called after what it does. A trojan in my opinion would NOT request permission he just would send them, hide itself from taskmanager...
btw a movieplayer with 13kb
Don't download **** movie players that require permission to send SMS
edit: kaspersky for android is coming
Norton Antivirus for android, Apparently it supports Android 2.X
http://www.symantec.com/norton/smartphone-security-android
http://www.intomobile.com/2010/06/09/norton-anti-virus-released-for-android/
PhilDsT said:
Yeah, why does a movie player need permission to send SMS? Call it SMS Spammer and its called after what it does. A trojan in my opinion would NOT request permission he just would send them, hide itself from taskmanager...
btw a movieplayer with 13kb
Don't download **** movie players that require permission to send SMS
edit: kaspersky for android is coming
It may be common sense to you and I, but that doesn't mean everyone always pays attention.
As for the naming of the malware, I agree - it doesn't seem like a traditional trojan. Though to a layman it could appear to be one, as a "trojan" is just something masquerading as something else.
Mano1982 said:
Norton Antivirus for android, Apparently it supports Android 2.X
There are plenty of AV's on the market for android, Norton and many others
My mention of kaspersky because they discovered it
And for installing software: android is as safe as any other (desktop) Os, it depends on the user. If you install everything without thinking /looking once, the phone will end up as a spamming machine, battery empty, and a high bill...
Sent from my DeVillain using XDA App
Yeah... I wouldn't be surprised if this whole story was blown up by Anti-Virus companies.
PhilDsT said:
My mention of kaspersky because they discovered it
They're the first to go to the press with it actually
It was submitted by a user to both dr.Webb and kaspersky at the same time... dr.Webb actually reported back a definition for it then Kaspersky... Though in the press's eyes, which is now everyone else's vantage point -- the story is different

[WARNING] DavinciDevelopers steal apps from this forum !

/!\ BE AWARE OF YOUR APP, DavinciDevelopers try to steal them and sell them on the market !!
Hello guys,
Be careful, if you post an apk of your free app here, somebody will try to take the apk, remove the signature, and upload it as a paid version on the market !
The proofs : (edited to add new stolen softwares)
Llamadroid
- http://forum.xda-developers.com/showthread.php?p=10113570#post10113570
- http://www.androlib.com/android.application.com-kebab-llamadroid-zzjjD.aspx
(removed today, on 5th january)
Typo clock
- http://forum.xda-developers.com/showthread.php?t=814054
- http://www.appbrain.com/app/beautiful-clock-widget-3d/com.semicuda.typoclock
Iron soldiers
- http://forum.xda-developers.com/showthread.php?t=862875
- http://www.appbrain.com/app/iron-soldiers/vuxia.ironSoldiers
(removed from market today, on 5th january, but still referenced)
Championship racing 2010
- http://www.vividgames.com/sub_game.php?id=42
- http://www.androlib.com/android.application.com-vividgames-championship_racing_2010-zzxwq.aspx
(removed today, on 5th january)
Liquid wallpaper
http://forum.xda-developers.com/showthread.php?t=878252
http://www.appbrain.com/app/liquid-physics/livewallpaper.liquid
Bluetooth Scanner
http://forum.xda-developers.com/showthread.php?t=900923
http://www.androidzoom.com/android_games/casual/bluetooth-scanner_pvqg.html
(New !! Now, we have proof that ALL his apps are stolen)
And even Gameloft best sellers (paid games) :
http://www.androlib.com/android.app...ndroid-gand-gloftspaw-heroofsparta-zjCDi.aspx
(removed from market today, on 5th january, but still referenced)
http://www.androlib.com/android.application.com-gameloft-android-gand-gloftavar-avatar-zjCEx.aspx
(removed from market today, on 5th january, but still referenced)
Minigore
http://minigore.blogspot.com/2009/07/what-minigore-is.html
http://www.appbrain.com/app/minigore-hd/com.ambushgames.minigore
http://www.androlib.com/android.application.com-ambushgames-minigore-zzjqD.aspx
Zuma's revenge
Original
http://www.zumasrevengegame.com/
http://store.steampowered.com/app/3620/
Scammers
http://www.appbrain.com/app/zumas-revenge-hd/com.popcap.zumas_revenge
http://www.appbrain.com/app/zumas-revenge/com.fox.game.zumasrevenge
How is it possible ?
Google does not check your apk signature when you upload a software.
Even if you signed your apk with your key, somebody else can put this on his google account.
The signature can be deleted easily if needed.
He can change the title of your app, so nobody see it, but he can't change the apk name nor the icon.
Why do we post our apk here ?
To have testers, to correct bugs, to have a perfect look and feel before put it on the market.
Because on the market people are rude, we have only one chance, so we need to avoid bugs.
And when we put our app online, we want to choose if it's paid or free (with ads or not).
What is the problem ?
If DavinciDevelopers steal and upload your app, he will lock your pak name.
2 apps can't have the same name on the market.
You may have a name like com.myname.myapp.apk
Where "myname" is the same in every app you do.
If he takes that, this is a major issue for you because you will be associated with him on every search (google.com, market...).
So, you will have to change your app name and maybe your company name....
Within 1 or 2 days, the market is parsed from androlib, androidzoom, appbrain... and it's done. Google.com will see those websites, and you are trapped.
You will have your buggy app on the market, some people will pay for that, the thief will have some money, and every user will have a bad opinion of your app.
Why does DavinciDevelopers do this?
To benefit from your work.
Because he doesn't care that you have been working for a long time on your app.
Because he doesn't care if your work is ruined, he will find somebody else.
How can we be protected?
Because 2 apps can't have the same name, you should put your app on the market first.
If your app is in development stage, you can upload it as "draft", so it will not be visible on the market, but the name will be locked.
Who is DavinciDevelopers?
Somebody who has 83 apps on the market!
Almost all of them are themes.
If you look at the package name you can see for example:
com.nd.android.pandatheme.p__3d_android_theme
at:
http://www.androlib.com/android.application.com-nd-android-pandatheme-p__3d_android_theme-qAmiz.aspx
Google search: "pandatheme", first link:
http://home.pandaapp.com:888/
So he is not a developer. He makes themes with a free online tool and sells them... nice.
And for the real apps he uploaded (about 5), they all are stolen, coming from Poland, Germany, and other places.
Almost all of them come from XDA dev forums.
PS: this message should be marked as sticky in every development section.
Wow, I can't believe this
It gets even better! Check this out:
http://www.androlib.com/android.app...ndroid-gand-gloftspaw-heroofsparta-zjCDi.aspx
http://www.androlib.com/android.application.com-gameloft-android-gand-gloftavar-avatar-zjCEx.aspx
He released the liquid physics live wallpaper I posted on here as well.
http://forum.xda-developers.com/showthread.php?t=878252
http://www.appbrain.com/app/liquid-physics/livewallpaper.liquid
Attacking GameLoft was a bad move for this/these guy(s).
They hit somewhere they shouldn't have I think.
Khoral said:
Attacking GameLoft was a bad move for this/these guy(s).
They hit somewhere they shouldn't have I think.
He has ripped off Popcap as well
http://www.appbrain.com/app/zumas-revenge-hd/com.popcap.zumas_revenge
And MiniGore
http://www.appbrain.com/app/minigore-hd/com.ambushgames.minigore
So STICKY!!!
It's really funny the website slogan:
http://davincidevelopers.weebly.com/
Innovation is everything. WTF
What do you think, does it matter to leave a comment like: app is stolen,... Seller steals apps from real developers or something else in market for "his" apks?
I wrote an email to appbrain and told them about this: maybe they can at least exclude this person from appbrain???
Has anyone emailed him to let him know that we all know?
Dirtbags
Sent from your mom's phone
kiltedthrower said:
Has anyone emailed him to let him know that we all know?
Like they would care... they just want to make some quick money from others' work.
The only way we can solve this is if somehow we contact Google to do something about it.
Since yesterday, he deleted some apps from his market.
I'm the developer of iron soldiers, I had been notified yesterday by another xda forum user that he stole my app.
I emailed him and within 3 or 4 hours he removed the app.
He answered me that he is so sorry, that he shares his key with other people and he didn't know... blabla.
Anyway, he has many stolen apps so he is hard to believe.
Now I see that thanaos2042 created a new thread (thanks) and that Google already referenced it:
If you google "davincideveloppers", this post is already on the first page!
Internet has a memory, and his name will not be forgotten.
They sell a lot of apps, which is 80++, but they are still using a free website... what a cheapskate...
Holy ****. Mods, please sticky this!!
I sincerely hope Google kicks their ass for this. I'm not familiar with the ToS but I hope they get hit with a lawsuit and instant refunds to say the least.
Stealing from Indie Developers is simply ****ed up. Wouldn't it be funny if a massive attack was launched against this asshole's website? (wink wink)
Chalup said:
Stealing from Indie Developers is simply ****ed up. Wouldn't it be funny if a massive attack was launched against this asshole's website? (wink wink)
No, it wouldn't. He/they are using a free web host so that would effectively be an attack on a whole lot of innocent sites.
Terrible to steal!
Stolen apps are all over the market, I've even seen the r2d2 live wallpaper from the Droid, on the market for 99p.
Good to know about these flagrant ripoffs
Looks like someone took their website down. The link now shows a page that isn't published.
Edit: Looks like Google could do something about this since it appears to be a violation of the terms of service (see 11.4, 13.3 and 16)
11. Content licence from you
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions.
11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.
13.3 Google may at any time, terminate its legal agreement with you if:
(A) you have breached any provision of the Terms (or have acted in manner which clearly shows that you do not intend to, or are unable to comply with the provisions of the Terms)
16. Copyright and trade mark policies
16.1 It is Google’s policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act) and to terminating the accounts of repeat infringers. Details of Google’s policy can be found at http://www.google.com/dmca.html.
16.2 Google operates a trade mark complaints procedure in respect of Google’s advertising business, details of which can be found at http://www.google.com/tm_complaint.html.

Medialets & Zestadz Servers (Ad Blocking)

I have checked several of the major Host ad blocking files available on the web and none reference Medialets & Zestadz Ad Server locations. Lookout's "Ad Network Detector" app found several apps using these companies to host ads and I want to block them via the host file.
I was using AdFree until I found AdAway, which has far more options, including using several host file update locations and manually entering ad servers to block. AdAway uses the same host file source, as well as several others but none of these reference Medialets & Zestadz. Apparently Medialets is now the worst of the bunch, with ads that can collect anything and everything on your phone.
This article in PC Magazine references the Medialet bstards but they don't list the ad server location like they do with several other ad services.
http://www.pcmag.com/article2/0,2817,2383261,00.asp
AdMob which seems to be the most common is just as bad, though their servers are at least known and are included in my host blocking.
"Veracode then drilled down to see what type of data each network was collecting. AdMob accessed GPS location, application package name, and application version information, and "there were variable references within the ad library that appear to transmit the user's birthday, gender, and postal code information," Veracode said."
Unfortunately, as I stated above Medialet's servers don't seem to be known to the public and were not listed in the article. A Google search comes back with nothing.
"Medialets library accesses the device's GPS location, bearing, altitude, android_id, connection status, network information, device brand, model, release revision, and current IP address."
Zestadz is also an unknown. I can't seem to find any info on their ad servers, and they are not referenced in any of the major host files so I can only assume they are not being blocked.
Spyware in PAID Apps!
The obnoxious thing is that Weather Bug Elite uses Medialet even though the app is the paid version. They say that it's disabled in the paid "elite" version and is only active in Weather Bug Free, but I don't trust those Medialet a-holes and want to block them at the host level.
Zestadz are used in Flight View Elite, another paid app I own. Same situation above applies. I also found AdMob, AdWhirl and Millennial also embedded in the paid app.
Unfortunately, I can't just go DroidWall these apps as they both need network access so host blocking the ad servers is the only other way I know to prevent them from spying. Anyone know the ad servers for these two companies?
UPDATE: I contacted the parent company who owns WeatherBug and just started entering extensions until I got someone on the phone. I told them I wanted to speak to their legal department regarding a potential lawsuit, and they immediately forwarded me to someone who after some hold time told me "Medialet is NOT suppose to be part of the paid WeatherBug [IE: WeatherBug Elite], and if its showing up then our engineers need to remove it from the application." He said he would be getting back to me on the matter. Does anyone here actually believe this was a legitimate oversight? I am so tired of this privacy invasion crap. Companies think they can do whatever they want until they get caught and just play dumb when it happens.
On to whoever makes FlightView. Going to raise some hell with them next. Will update. Still trying to figure out Medialets & Zestadz ad server info. If I can pry it out of these two companies I will post the information as well.
UPDATE 2: The "Office Manager" of Flightview is out of the office until Monday and the tech support department is in a meeting. I will try back later (or Monday) but even though I was [or at least started off] extremely polite, the rep I talked to was a total *itch and tried to dodge my questions on in-app spyware every way possible. Will update when I have more info.
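Checking by hand whether several hosts-format blocklists already cover an ad server, as the post above describes, can be scripted. The following is an added example, not part of the original post: the two lists are constructed samples, `ad.leadboltads.net` is the only hostname taken from this page, the `.example` names are placeholders, and all function names are hypothetical.

```python
# Constructed sample blocklists in hosts format (not the contents of any real list).
LIST_A = """\
# sample list A
127.0.0.1 localhost
0.0.0.0 ad.leadboltads.net   # hostname quoted on this page
0.0.0.0 ads.tracker.example cdn.tracker.example
"""
LIST_B = """\
127.0.0.1   AD.LeadBoltAds.net.
::1 localhost
not-a-valid-line
0.0.0.0 media.adnet.example
"""

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses blocklists point names at
KEEP = {"localhost", "localhost.localdomain"}    # loopback names, not block entries


def parse_hosts(text):
    """Return the set of hostnames a hosts-format list sends to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in SINKS:
            continue                               # blank, malformed or real mapping
        for name in fields[1:]:                    # one line may carry several names
            name = name.lower().rstrip(".")
            if name not in KEEP:
                blocked.add(name)
    return blocked


def coverage(wanted, lists):
    """Map each wanted hostname to the labels of the lists that block it.

    Hosts entries match the exact hostname only, so a subdomain of a blocked
    name is NOT covered and needs its own line.
    """
    parsed = {label: parse_hosts(text) for label, text in lists.items()}
    return {h.lower(): sorted(lbl for lbl, names in parsed.items() if h.lower() in names)
            for h in wanted}


def vendor_hits(keyword, lists):
    """Every blocked hostname containing keyword, for vendors whose servers are unknown."""
    names = set().union(*(parse_hosts(t) for t in lists.values()))
    return sorted(n for n in names if keyword.lower() in n)


def missing_entries(wanted, lists):
    """Hosts lines to add for the wanted hostnames that no list covers."""
    return [f"0.0.0.0 {h}" for h, hits in coverage(wanted, lists).items() if not hits]
```

An empty result from `vendor_hits` only shows that no blocked hostname contains the keyword; an ad network may serve from hostnames that do not include its company name.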

Is it safe to give my IMEI id to Leadbolt?

Leadbolt provides ads in the notifications of Android similar to Airpush. In order to opt out you go to their website where they request your IMEI ID. Is it safe to provide this?
Thanks
JeffATL said:
Leadbolt provides ads in the notifications of Android similar to Airpush. In order to opt out you go to their website where they request your IMEI ID. Is it safe to provide this?
Thanks
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86
cLin407 said:
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86
Cool. Your thanks meter just went from 0 to 1 =)
JeffATL said:
Leadbolt provides ads in the notifications of Android similar to Airpush. In order to opt out you go to their website where they request your IMEI ID. Is it safe to provide this?
Thanks
I don't know who Leadbolt is, but that aside if you are wondering about whether they (or anyone for that matter) are or not. I would suggest researching about them first via third party reviews, and/or whois domaintools, wikipedia, types of resources. The reviews that are not generated by sites that do not bias their reviews due to being erm bribed for want of a better word will obviously be more accurate as to their legitimacy so sticking to well known and trusted review sites is a good start. I use WOT (web of trust ff addon) to help weed out the bad sites, it's not perfect, however it is far better than using nothing at all. This way you can get an idea if they are trustworthy or not. And if they are new new new I would be more careful as malicious groups start again with new names etc... once their old ones are burned out and no longer provide the gains they are looking for. Hope this helps
Generally speaking, you should never give out your IMEI to anyone... especially an ad company asking for your IMEI, tempting you with not receiving any more ads? Sounds extremely fishy to me.
Unfortunately I did give my number before seeing other posts.
I do have a problem that may be a result of the foolish move or it may be unrelated. So far I see the problem with one particular website.
If I go to a particular restaurant's website, Eclipse D Luna, found by Google search, it is hosted by dudamobile. I believe the website is legit as it looks legit from a computer and I think dudamobile is a legit site that transforms people's websites for mobile phones. However when I navigate to the restaurant's menu the page is filled with spam (i.e. levitra, viagra ads)?
Leadbolt is a notification ads provider (they also do banners and others). They use IMEI not to show you the notification ads. They are legit, you can give them your IMEI.
'ad.leadboltads.net' is Malware
JeffATL said:
Leadbolt provides ads in the notifications of Android similar to Airpush. In order to opt out you go to their website where they request your IMEI ID. Is it safe to provide this?
Thanks
LEADBOLTADS IS MALWARE! DO NOT GIVE THEM ANYTHING!
My browser started popping open on reboot/start up to their page with advertising.
This behaviour is known as malware.
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser popping open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus cannot find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google Play Store to distribute this malware, albeit, that app is benign in its origin, it's a pipeline, or conduit for malware.
Sneaky F##kers aren't they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1... how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/inde...06#entry764184
