Fake App into a Trojan horse hiding the hardest hit: hijack traffic, steal phone-APP run. Trojans, flow-IT information
Yesterday, Lee reflects the public say, after you download the game APP, phone Caton, traffic jumped, and so on. Journalist, the author finds, similar situation there, after the advent of genuine popular APP, there will always be a large number of "shanzhai" APP. Many of these pirated APP embedded Trojan, hijack traffic, steal run calls, and so on. According to Ms Lee, yesterday, to pass the time, she downloaded a game APP, "online search results, are pretty much the same, I just downloaded the one. "But after downloading the APP, many problems with phone," suddenly becomes Caton, and every now and then crashes ".
Lee said that as long as the network status, her phone will pop up ads, "approximately every 10 minutes. "In addition, there is a lot that allowed the installation of mobile phone APP," could have a month of traffic, almost in just a few days ′ gone ′. ”
Reporters found out upon Madam Lee′s advisory staff, Lee download "sneaky" game APP is not genuine, but rather "shanzhai" APP. Their phone is a Trojan virus, cell phone code was tampered with. "The system will be downloaded in the background by default APP, and pop-up ads. Memory in use by a large number of naturally caused phone Caton and even death. "The technician said, simple APP to close, unable to stop its continues to run in the background, only the APP completely remove or restore phone to factory status in order to solve the problem.
"Pirate I ruin. "Mobile game APP developers, Liu told reporters that their investments developed a name for" pushing gold "game APP, after having spent millions of Yuan, the APP users have formed a good reputation," downloaded over 1000 times a day. ”
Soon, at least seven or eight different "pushing coins" pirated APP appears, Mr LAU′s original APP to be heard. Liu said these pirated APP encroached on the market share, and there is a malicious embedded Trojan behavior, enables users to experience decline directly affects their official APP.
Privacy-stealing "shanzhai" APP is better than 42%
Journalist, the author finds, fake APP really spread in the network, APP name and identity, and genuine highly similar, ordinary users without attention, it is difficult to identify. Once you download and install, light is harassed by spam and advertising, to reveal loss of privacy, malicious charges, flow, and so on.
360 companies in the 2015 Android mobile application piracy survey report, researchers issued the largest mobile phone market in 10,305 Edition APP to study found that exists on the Internet 954,986 pirated APP.
"That is to say average, 92 a Li Kui after Li GUI. "The 360 company consolidation software engineer Feng Chengqi said, after a popular APP come out, there will be a lot of" fake "APP appears, grab market. Under normal circumstances, less than 100,000 legitimate APP downloads only twenty or thirty "shanzhai" follow downloaded over 10 million times, "shanzhai" APP will swarm the number multiplying geometrically; downloaded over 50 million times, there will be at least 700 "shanzhai" APP.
Feng Chengqi pointed out that 127,011 malicious APP piracy, pirated APP Trojans class the highest proportion, at 71%. Second is advertising pirated APP, 26% per cent. And in all Trojans class piracy APP in the, malicious buckle fee behavior accounted for than 28%, the species APP will in user not allows of situation Xia, privately sent SMS and buckle fee instruction; tariff consumption behavior accounted for than 26%, the species APP will in user not informed or not authorized of situation Xia, automatically call phone, and sent SMS, and mail, and frequently connection network,, caused user tariff of loss.
Feng Chengqi says Privacy theft "Cottage" 42% of APP, "even the most well-behaved ′ fortress ′APP, also requires access to communications records, phone calls, text messages, location information, and then package the information sent to the back-end server, user privacy is secretly. "In addition, the mobile phone phishing attacks also in rapid development, which" shanzhai "APP the jump function and guidance of the flame.
Pirate anonymous development of consumer rights
Information security industry Shao Senlong said domestic Android applications market range, eco-more open and the lack of unified management, resulting in the application of auditing mechanisms and regulations varies greatly. "Because of the camouflage able, users should not tell, cause ′ cottage ′APP widespread, even legitimate products." Pirated APP both for users and also for legitimate APP developers, there is infringement. But due to pirated APP developers anonymous, responsibility is difficult to pursue.
Shao Senlong said that pirated APP is outside the scope to imitate not only harass users or violate the intellectual property rights of developers. Many pirated APP name does not change, directly modify some code, insert viruses, ads, Trojans and so on. Users download the Android market APP to select well-known, sources of judgment before you download APP, APP for unidentified don′t download. After downloading, it is best to use a professional scan tool to determine whether the virus. The original APP developers, copyright protection may apply to your own code for having patent, to avoid leaks.
Yushi Beijing lawyer Jiang Jian said, if we can find pirated APP makers, the other party shall bear civil liability. Original APP developers may be required to cease the infringement, damages. In addition, the APP also constitute the crime of infringement of copyright piracy. "But at present, the original users and APP developers there are rights issues, mainly the infringer was not found".
山寨App成
木马藏身重灾区:劫持流量、偷跑话费 - APP.
木马,流量 - IT资讯
昨天,市民李女士反映称,其下载游戏APP后,手机出现卡顿、流量偷跑等情况。记者检索发现,类似情况还有很多,正版流行APP问世后,总会有大量“山寨”APP涌现。这些盗版APP多存在植入木马、劫持流量、偷跑话费等问题。据李女士介绍,昨天,为打发时间,她下载了一款游戏APP,“网上的搜索结果很多,都大同小异,我就随便下载了一款。”但她下载该APP后,手机出现了许多问题,“突然变得卡顿,而且时不时就死机”。
李女士说,只要处于联网状态,她的手机就会弹出各种广告,“频率约为每10分钟一个。”此外,其手机还出现许多未默许安装的APP,“原本能用一个月的流量,几乎在几天内就‘跑光’。”
记者就李女士的问题咨询技术人员后得知,李女士下载的“消消乐”游戏并非正版APP,而是“山寨”APP。其手机被木马病毒植入,手机代码遭到篡改。“系统会默认在后台下载附加APP,并弹出广告。内存被大量占用,自然会造成手机卡顿甚至死机。”该技术人员说,单纯将APP关闭,无法阻止其在后台继续运行,唯有将APP彻底删除或将手机恢复至出厂状态才能解决问题。
“盗版坑得我倾家荡产了。”手机游戏APP开发者刘先生告诉记者,自己投资开发了一款名为“推金币”的游戏APP,在投入近百万元后,该APP在用户中形成了良好口碑,“每日下载量超过1000次。”
很快,至少七八种“推金币”盗版APP出现,刘先生的正版APP反被淹没其中。刘先生称,这些盗版APP的出现侵占了市场份额,且有恶意植入木马等行为,使用户体验下降,直接影响了自己的正版APP。
隐私窃取“山寨”APP占比42%
记者检索发现,山寨APP确实在网络中泛滥,且标识、名称与正版APP高度雷同,普通用户如不加留意,一般难以辨别。一旦下载安装,轻则会被垃圾信息和广告骚扰,重则会泄露隐私、遭恶意扣费、流量损失等。
360公司发布的《2015年Android手机应用盗版情况调研报告》中,研究人员对国内最大的手机分发市场中10305款正版APP进行研究发现,在互联网上存在着954986个盗版APP。
“也就是说一个李逵后平均有92个李鬼。”360公司加固保软件工程师冯成蹊表示,一款流行APP问世后,会有大量“山寨”APP出现,抢夺市场。一般情况下,下载量低于10万的正版APP只有二三十个“山寨”跟随;下载量超过1000万次后,“山寨”APP就会蜂拥而上,数量呈几何倍数增长;下载量超过5000万次后,就会出现至少700种“山寨”APP。
冯成蹊指出,在127011个恶意盗版APP中,木马类盗版APP占比最高,为71%。其次是广告类盗版APP,占比26%。而在所有木马类盗版APP中,恶意扣费行为占比28%,该种APP会在用户未允许的情况下,私自发送短信和扣费指令;资费消耗行为占比26%,该种APP会在用户不知情或未授权的情况下,自动拨打电话、发送短信、邮件、频繁连接网络等,造成用户资费的损失。
冯成蹊说,存在隐私窃取行为的“山寨”APP占比42%,“即使最循规蹈矩的‘山寨’APP,也会要求获取通讯记录、电话、短信、位置等信息,然后将这些信息打包发送给后台服务器,用户的个人隐私也随之偷偷流走。”此外,手机端的钓鱼网站攻击也在迅猛发展,正是这些“山寨”APP的引导和跳转功能在推波助澜。
盗版匿名开发消费者维权难
信息安全业内人士邵森龙表示,国内Android应用市场繁多,生态较为开放,缺乏统一管理,致使各应用市场的审核机制和管理规范良莠不齐。“由于伪装得力,用户不宜辨别,造成‘山寨’APP传播广泛,风头甚至盖过正版产品”。盗版APP无论是对用户,还是对正版APP开发者来说,都存在侵权。但因盗版APP开发者匿名,责任难以追究。
邵森龙说,现在,盗版APP已超越模仿范围,不但骚扰用户,也侵犯了开发者的知识产权。很多盗版APP连名字都不改,直接修改若干代码,插入病毒、广告、木马等。用户下载APP可选择知名的安卓市场,下载前先判断APP的来源,对来源不明的APP不要轻易下载。下载后,最好用专业工具进行扫描,确定是否有病毒。原版APP开发者,可对自己的代码及时申请专利著作权保护,避免泄露。
北京雄志律师事务所律师姜健说,若能找到盗版APP的制造者,对方应承担相应的民事责任。原版APP开发者可要求其停止侵权、赔偿损失。此外,盗版APP还构成了侵犯著作权罪。“但目前,用户和原版APP开发者都存在维权难的问题,主要是找不到侵权人”。