New Android malware targeting Middle East countries

Palo Alto uncovers 'Gunpoder', said to evade all antivirus products on VirusTotal

Tags: IraqPalo Alto Networks (www.paloaltonetworks.com)Saudi Arabia
  • E-Mail
New Android malware targeting Middle East countries Until recently, Gunpoder had been classified by anti-virus engines as ‘benign' or ‘adware'.
By  Tom Paye Published  July 9, 2015

Palo Alto Networks has uncovered evidence of a new type of Android malware, dubbed ‘Gunpoder', which it said could evade all of the antivirus products on the VirusTotal security scanning web service.

Palo Alto added that the malware had Middle East footprints, and that it was being targeted against users in 13 different countries, including Saudi Arabia and Iraq.

Until recently, Palo Alto said, Gunpoder had been classified by anti-virus engines as ‘benign' or ‘adware'. This illustrates the fine line between malware and adware, the vendor added. To stay hidden, Gunpoder embeds a popular adware library within itself, using it to get past anti-virus products which traditionally don't detect these characteristics as harmful.

Palo Alto said that, despite appearing to be a piece of adware, Gunpoder's intentions are far removed from most adware, with the vendor uncovering significant malicious components. These include collecting sensitive information from users, propagating itself via SMS, potentially pushing fraudulent advertisements, and being able to execute additional payloads.

Other countries being targeted by Gunpoder include Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Italy, the United States, and Spain, Palo Alto said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code