Malicious app uses software backdoor to automatically download malicious suction fee

&http://www.aliyun.com/zixun/aggregation/37954.html ">nbsp;   One day when you turn on your mobile phone, you suddenly find that your phone is inexplicably more than a few apps, or mobile phone charges are deducted dozens of yuan, and from beginning to end you are covered in the drums, without knowing. This mysterious emergence of the app, is commonly known as the industry "silent Channel" to promote. On the phone secretly installed on the back of the program, is an unusually large closed-loop industry chain, developers, SP, channel, mobile phone manufacturers have been involved in a cup of soup, behind even some well-known internet companies to promote.      APP "silent" promotion silently "black" off mobile phone      use software back door automatic download, even malicious suction of the      one day to open the phone, You suddenly find that the phone is inexplicably more than a few apps, or mobile phone charges are deducted dozens of yuan, and from beginning to end you are covered in the drums, no knowledge. This mysterious emergence of the app, is commonly known as the industry "silent Channel" to promote. On the phone secretly installed on the back of the program, is an unusually large closed-loop industry chain, developers, SP, channel, mobile phone manufacturers have been involved in a cup of soup, behind even some well-known internet companies to promote.      Silent channel patterns      How are these myriad apps installed on consumer phones without any knowledge? Reporter contacted a dedicated "silent channel promotion" of the person in charge of Sansing (alias), he said that they have deep cooperation with Shenzhen mobile phone manufacturers, in fact, has left the "backdoor" software built in the factory phone, through the "back door", you can remotely control these apps, secretly download the installation of other programs in the background: "No user verification can be installed directly, and security software is not able to find out, currently covers tens of millions of of the national user base." "     This kind of backstage promotion form, because the cost is far below the regular channel, also attracts many developers and the Internet company, uses the backdoor to promote own app:" Through the third party market, the Net Alliance promotion and so on development a user cost in 5~6 yuan, Go to the silent channel only need 1.5 yuan to activate a user, only the extension of the program installation package, two days to complete the push installation, up to one day can push to 100,000 users of the mobile phone. "This way uses the CPA billing mode, namely installs to the user handset, is clicked only then calculates once activates, but this kind of channel to installs the package itself also to have the request:" Generally can only do 5M installs the package, again the big point cannot download installs once. "    According to Sansing revealed that because the silent channel has a large user base, passive installation and other characteristics, has become a developer impact installed new channels, on average, each app can reach 20,000/day installed capacity, and even some well-known domestic electric dealers, portal news and other clients have been through their silent channels to do the promotion.      Malicious deduction software the opportunity to start      In fact, in addition to the number of installed, some malicious debit plug-in app, also in the silent channel resurgence. Wang Hao (a pseudonym) of an SP company said to reporters, the industry's common practice is to include the SP deduction plug-in small application, such as the alarm clock, weather and other apps, through the background to download the installation of the way, secretly implanted into the user's mobile phone, in the user without the knowledge of the case has been completed deduction fee, can even intercept the operator's SMS alerts.      Previous "It Times" has reported that SP manufacturers processing malicious deduction app, according to the reporter understand, this industry chain has formed a complete closed loop, from the handset manufacturers--channel business--SP Company--developers interlocking. And the use of silent channels to promote, it is these upstream manufacturers are the last link. Sansing to reporters, if the use of silent channels to promote the introduction of the plug-in plug-fee app, the price in 2 yuan/times, that is, every activation of a user, the promoter will pay the channel 2 yuan. In the face of mobile phone security software testing, they have a set of countermeasures: "Before doing a silent push can also be directly with the security software detection, if the plug-in is detected, only through simple technical means, to change the signature of the program can be bypassed detection." "     These deduction software, has been all over the Symbian, Android and other mobile phone systems, and often is a cottage some well-known app, in which the addition of the deduction of the plug-in two packaging packaging, in the killing is also difficult:" generally detected, directly to the application to change the name, Or choose another application, and then add a plugin. Sansing to reporters.      Difficult to detect users      in China Mobile's latest mobile virus alert, there has been a similar virus "low download", this malware after the installation of no icon, after obtaining root permissions, Privately downloaded promotional software and installation, serious consumption of user charges. But this kind of malicious virus, already is an Android platform channel Merchant's habitual means, in the industry already is widespread phenomenon.      "This app is typically modified by the phone manufacturer of the system's underlying protocol, or in the preset rom prior to brush into the backdoor plug-ins, with very high privileges." Wang Hao told reporters, in addition to malicious deduction of the app, like the notification bar of the mandatory push ads, but also the use of this remote command in the background remote controlDownload, in fact, when the user sees the app ad in the notification bar, the installer has been downloaded to the phone.      channel operators through the layers of technical means to bypass detection, the safety software to kill the killing brought difficulties. Jinshan Network security engineer Tiejun told reporters, this automatic downloading and installation of the virus in the background is already a common phenomenon on the Android phone, and users are very difficult to guard against: "according to the background monitoring data shows that this background download installed software has hundreds of, almost all of the domestic internet companies, In this process, it is inevitable that the channel to promote the use of gray, and some of the advertising alliance will also use malicious advertising plug-ins, in the background to download and promote the relevant app program. "But there is no solution, Tiejun said, in addition to the use of security software to actively detect, users can also through the Security Software Authority management function, to ban those in the background download the app's networking function.