by nolovelust
17. February 2011 14:17
First of all, be very, very careful if you are using 3rd party app stores! The HongTouTou/ADRD trojan is click-fraud malware that loads and clicks search results from a Chinese search engine.
The Lookout blog says: "... When an app containing HongTouTou starts, it sends encrypted data containing the device IMEI and the IMSI to a remote host. In response, the HongTouTou receives a set of search engine target URIs and a set of search keywords to send as queries. HongTouTou then emulates the search process using these keywords to create searches in the search engine, crawls the top search results for those keywords, and emulates clicks on specific results. To the search engine, the searches appear to be coming from a mobile user using a mobile web browser with User-Agent corresponding to the UCWeb browser (J2ME/UCWEB7.4.0.57) ..."
As always, check the permissions of the apps you install, especially for the permissions requested by HongTouTou, such as:
android.permission.WRITE_APN_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.MODIFY_PHONE_STATE
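
One way to run this permission check over a manifest, as an added example that is not from the original post or from Lookout: the Python below reads an AndroidManifest.xml and reports which of the permissions listed above it requests. The function names and both sample manifests are constructed for illustration, and it assumes the manifest has already been decoded to text XML (the copy inside an APK is binary XML).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The seven permissions this post lists as requested by HongTouTou/ADRD.
LISTED = frozenset("android.permission." + p for p in (
    "WRITE_APN_SETTINGS", "RECEIVE_BOOT_COMPLETED", "ACCESS_NETWORK_STATE",
    "READ_PHONE_STATE", "WRITE_EXTERNAL_STORAGE", "INTERNET",
    "MODIFY_PHONE_STATE"))

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # Manifests from untrusted APKs are untrusted XML; parse them in a
    # sandbox or with a hardened parser when doing this at scale.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name:
                perms.add(name)
    return perms

def review(manifest_xml):
    """Compare an app's requested permissions with the listed set."""
    perms = requested_permissions(manifest_xml)
    overlap = perms & LISTED
    return {
        "overlap": sorted(overlap),
        "full_match": LISTED <= perms,   # app asks for every listed permission
        "other": sorted(perms - LISTED),
    }

def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    lines = "\n".join(
        '  <uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="%s">\n%s\n  <application/>\n</manifest>' % (package, lines))

# Constructed samples: one requests the full listed set, one is a plain app.
SAMPLE_SUSPECT = _manifest("com.example.wallpaper", sorted(LISTED))
SAMPLE_PLAIN = _manifest("com.example.notes", [
    "android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE"])

if __name__ == "__main__":
    for label, xml in (("suspect", SAMPLE_SUSPECT), ("plain", SAMPLE_PLAIN)):
        r = review(xml)
        print(label, "full_match=%s" % r["full_match"], "overlap=%d/%d"
              % (len(r["overlap"]), len(LISTED)))
```

A partial overlap on INTERNET or ACCESS_NETWORK_STATE alone says little, since most networked apps request them; the full set in an app with no need for phone or APN state is what deserves a closer look.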