FREEnet Mobile Malware

FREEnet Mobile Malware

Mobile malware called FREEnet

This malware has been published as an apk file with the name of FREEnet through social networks and claims giving free internet traffic to the application installers. The malware is for Android mobile devices and after installation, the icon is deleted from the main menu but it remains operating in the background.

The malicious operations are completely based on push notifications sent from malware's developer so that it runs some malicious commands in the victim's device based on these notifications. in the other words the goal of the owner of the malware is to create a botnet from malware installers and misuses the panel of the push notification service provider as a command and control server (C&C). some malicious works the malware accomplishes are:

  • Sending SMS from the victim's device
  • Downloading file(s) from specified URLs
  • Unauthorized calling the desired numbers
  • Unauthorized USSD connections with the desired numbers
  • Unauthorized searching in contact list of the victim's device and sending the contact name and corresponding phone number to the desired URL
  • Automated enabling value added services (VAS) in the victim's device
Symptoms of infection

The malware will appear in the list of installed apps after being installed on a mobile device, called "Google Play Service". The malware is installed with a name similar to an original google service i.e. "Google Play services" to convince (cheat) the users to install it as a legal application. The malware's icon is deleted from the application menu after running the app and cannot be seen any symptoms of infection in the device at the first look, although doing it's malicious behavior in the background.

Methods of Clearing Mobile Infected

for removing the malware that comes with the name of "Google Play Service" and considering the deleted icon from the application menu after running, someone can eliminate the infection by uninstalling the malware from app (depending on the device it can be application or application manager) section in settings easily.
Meanwhile, nothing threaten the user, until he/she (naturally installed the malware) runs the received notifications related to the malware.

Methods of Infection Prevention

The following recommendations can play a significant role in preventing the infection of mobile phones.
Do not download and install applications from untrusted sources
given that many problems for mobile phone users arise from downloading and installing applications from insecure resources, consider to download the required applications only from well-known and trusted sources like Google Play Store and App Store.

Consider permissions required from the application to be installed

During installation of android applications, they request some permissions to be accepted by the user. It is very important to prevent installing if it requires more permissions than needed; considering the functionality it provides (based on malware's developer declares about the application).

Do not run unknown notifications

After installing applications based on two previous recommendations, be conscious not to run any notifications from any source. If you see suspicious offers like winning a lottery, free internet traffic and so on in a notification, do not run it to prevent the subsequent events.

Install anti-virus software and update it periodically

in recent years, the widespread prevalence of malware and viruses on android mobile devices caused many problems for smart phone users, so installing an anti-virus program is one of the essentials to prevent the android devices to be infected and malwares to be spread.
also notice that always use a trusted and reliable anti-virus program and update it periodically to detect newly released malwares as soon as possible.