Trend Micro researchers come across a server hosted in Germany that hosts a large number of websites serves mobile malware ,targeting Android and Symbian users.
Researchers found a total of 1351 websites hosted on the server , all the website falling into a certain categories namely Android Market apps, Opera Mini/ Phone Optimizer apps, Pornographic apps , App storage sites, Others .
The sites under the Android Market apps category are designed such that it will look like a legitimate site, features popular applications like WhatsApp, Facebook, Facebook Messenger, Barcode Scanner, Skype, Google Maps, Gmail, YouTube, and others. TrendMicro security solutions detect the files download from above mentioned sites as ANDROIDOS_FAKENOTIFY.A.
The file downloaded from Opera Mini/ Phone Optimizer apps category websites detected as J2ME_SMSSEND.E (a malware especially designed for MIDlets supported devices).
According to the Trend micro graph showing the distribution of domains based on the categories, most of sites offered Opera Mini updates and Photo Optimizer Apps compared with others(nearly 300 sites).
"This particular cybercriminal operation presents some interesting findings. Here we saw that the attackers are not necessarily targeting only one platform. Based on the targeted platform, we also saw that cybercriminals use different social engineering lures. Also, despite the emergence and prevalence of platforms such as Android and iOS, the Symbian platform still seems to be targeted as well." Paul Pajares ,Fraud Analyst @ TrendMicro Said.
But F-secure researchers found this malware app site and published the information last month.