Saltar al contenido

Detect Pay Per Install network of Trojans for Android

ppi para android

Pay-per installs are affiliation schemes with which it is possible to earn money distributing applications and obtaining installations by users, hence their name pay per installation or PPI.

Many legitimate companies and programs use them to earn income and users, a clear example is the well-known CCleaner program that, for some time, offered the Yahoo toolbar as an extra installation, every time a user from the United States installed it. CCleaner earned $ 1.

The same model is used by cyber criminals to spread malware and all kinds of fraudulent products, in Russia these affiliate networks are known as partnerka. In 2008 they became very popular with PPI systems and fake antivirus, generating millions in profits.

From PC to mobile, the market adapts:

In the ESET blog in English they have commented some details of a pay-per install system that has as target Android users. For each installation that is obtained they pay between 2 and 5 dollars, a higher figure than can usually be obtained by infecting Windows computers.

The software that must be propagated is of the TrojanSMS type, it sends from the mobile phone of the victim's text messages to toll-free numbers which allow them to obtain profits for the network administrators.

How do computers infect? The methods are very varied, one of the most used is to modify or clone legitimate applications to hide Trojans. Then these are distributed in unofficial forums and markets where users look for free versions of applications that are normally paid.

Good practices: avoid downloads from unknown sources, on Android the ideal is to go to Google Play. If the mobile allows it, it is not a bad idea to install an antivirus.