New Android malware targeting Middle East countries
Palo Alto uncovers 'Gunpoder', said to evade all antivirus products on VirusTotal
Palo Alto Networks has uncovered evidence of a new type of Android malware, dubbed 'Gunpoder', which it said could evade all of the antivirus products on the VirusTotal security scanning web service.
Palo Alto added that the malware had Middle East footprints, and that it was targeting users in 13 different countries, including Saudi Arabia and Iraq.
Until recently, Palo Alto said, Gunpoder had been classified by antivirus engines as 'benign' or 'adware'. This illustrates the fine line between malware and adware, the vendor added. To stay hidden, Gunpoder embeds a popular adware library within itself, using it to get past antivirus products, which traditionally don't detect these characteristics as harmful.
Palo Alto said that, despite appearing to be a piece of adware, Gunpoder's intentions are far removed from most adware, with the vendor uncovering significant malicious components. These include collecting sensitive information from users, propagating itself via SMS, potentially pushing fraudulent advertisements, and being able to execute additional payloads.
Other countries being targeted by Gunpoder include Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Italy, the United States, and Spain, Palo Alto said.