Android Virus Spreads Through Facebook

Feb 29, 2012

In early February, Google released a new service, code-named Bouncer, that is designed to scan the Android Market for malicious applications. Unfortunately, scammers have adapted and found a new way to spread malware to unsuspecting users: through Facebook.

Vanja Svajcer, an employee at the security firm Sophos, discovered a malicious application after receiving a Facebook friend request from an unknown user. On the user's profile page was a link to a website that downloaded malware to Svajcer's device without his permission.

"The malware package was called any_name.apk, and appears to have been designed to earn money for fraudsters through premium rate phone services," wrote Svajcer in a post published to Naked Security, Sophos' official blog. The malware sends text messages or makes calls to premium-rate numbers (phone numbers that charge money to the user when called) without the device owner's knowledge or consent.

A few days later, Svajcer visited the link again. The browser redirected to a different website from before and downloaded a different piece of software, this time named allnew.apk.

Under normal circumstances, Android devices have a default setting that prevents the phone from downloading any applications that do not come from the Android Market. Some users--particularly IT professionals and mobile developers--turn off this setting to download Android apps from unauthorized sources.

Of course, most users who know how to disable this setting should be savvy enough to know not to visit unfamiliar links or install random software, but some device owners know just enough about their device to be dangerous.

While this app shouldn't affect most midsized businesses, it could spell bad news for companies that cover the costs of their employees' smartphones. The real danger here, however, is not this particular malware in itself, but the possibility that applications designed to extract or corrupt sensitive data will find their way onto employee smartphones.

With the advent of smartphones and tablets, bring-your-own-device (BYOD) policies are becoming more and more prevalent. While convenient, devices that are allowed to access the company network or view confidential data can put a business at risk. Unfortunately, employees often lack the know-how to protect their devices from vulnerabilities.

Blocking social networking websites like Facebook can reduce the risk of virus infections like the one Svajcer discovered, but it's not foolproof. Mandatory security awareness training, however, can educate employees on the risks that come with using consumer devices at work. If your business has a BYOD policy, it's imperative that all employees know not to visit unfamiliar websites or install unknown applications on their devices.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
