Trojan adware hits budget Androids – and some well-known apps

The adware, named Android/Gmobi.A by Avira, is used to send phone owners targeted advertisements. It is linked to a software development kit (SDK) that automates the display of advertisement images and notifications.

Gmobi has been found in the firmware of nearly 40 budget Android smartphones and in a few popular apps such as the Micromax AQ5001 and ASUS WebStorage. Users with the software built into their device firmware may be unable to remove it without endangering the stability of their devices.

The primary security risk in Gmobi lies in its ability – depending on the original permissions given by the device owner – to broadcast a range of private data about the device owner and install additional apps on the device.

“Aside from the advertisements, it is also a security risk,” said Mihai Grigorescu, Android analyst at Avira. “It could be considered a backdoor thanks to its ability to receive remote commands to install other packages.”

Gmobi goes to work collecting user data once the device gets connected to the internet. Some of the details sent to the remote Command & Control server include data on emails, roaming availability, GPS coordinates, mobile network data, device ID, and the installation of Google Play.

The server responds with directions on where and how to serve up advertisements: it updates the local ads database, places ad shortcuts on the home screen, puts ads in a notification box, charts user responses, and potentially starts or installs additional apps.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.