The new twist is that the malware is triggered by the app developer including the ad network's code in its app, not by the user downloading something dodgy.
Here's how it works. Normally, app developers include software development kits (SDKs) for a variety of ad networks in their apps. This allows ads to be served on behalf of the highest bidder across a range of ad networks. The SDK serves the ads to users, and the developer and the network split the fee, according to Christian Science Monitor:
Unfortunately, how well developers vet the ad networks they side with varies from one app maker to another. If the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network are high.
The malicious SDK then sits in the background, and waits until the user downloads another app. When that happens, the malware inserts an extra dialog box during the new app download, asking the user for permission to access text/SMS services. A little while later, the user finds a bunch of premium charges for text use on their bill.
Wade Williamson, a senior security analyst with Palo Alto Networks in Santa Clara, Calif., said malicious mobile ad networks take advantage of app developers who need the cash from ads:
"This is where things get extremely interesting," Williamson said in an interview. "The issue is that for pretty much anybody who builds a
Williamson has seen seven malicious ad networks so far, mainly from China and Asia.
Here's a look at the top mobile ad networks and the top malware devices they serve, courtesy of Trend Micro: