December 19, 2013


Security Alert: SimpleTemai

Lookout Life

Recently, Lookout discovered a mobile click fraud family dubbed “SimpleTemai.” SimpleTemai downloads and rates apps from third-party Android markets, so it appears that it’s designed to rip off mobile app promotion service providers; downloads triggered by SimpleTemai have the potential to artificially inflate app promoter effectiveness.

How It Works

SimpleTemai is a malware package that is embedded into legitimate gaming apps. We’ve identified over 1700 unique instances across a variety of racing and strategy games. When a user installs an app infected with SimpleTemai, their device may start downloading other apps, reporting to affiliates that the apps were successfully installed and then removing these downloads. This is all done in the background, unbeknownst to the user. If SimpleTemai goes undetected, it has the potential to run up a user’s mobile data bill by making excessive unwarranted downloads. SimpleTemai also has the capability to download and rate applications from Chinese third-party app stores, presumably to help improve the chances that a smartphone user would encounter an infected app organically through these markets. Lastly, SimpleTemai is constructed in a way that allows it to be remotely updated (see Technical Details). Although current capabilities are limited to mobile click fraud and we have no indication its creators are branching out beyond current functionality, SimpleTemai could presumably leverage this capability to significantly modify its behavior.
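The background install-then-remove behavior described above leaves a recognizable trail in package activity. The following Python is an added example for defenders, not Lookout's detection logic or code from the original post: it flags any app that repeatedly installs and then quickly removes other packages, and totals the data those downloads consumed. The log format, package names, 30-minute window, and two-cycle threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real telemetry. Assumed format:
# <ISO time> <DOWNLOAD|INSTALL|REMOVE> <package> by=<initiating app> [bytes=<n>]
SAMPLE_LOG = """\
2013-12-10T02:14:05 DOWNLOAD com.example.puzzle by=com.example.racer bytes=8400000
2013-12-10T02:15:40 INSTALL com.example.puzzle by=com.example.racer
2013-12-10T02:16:10 REMOVE com.example.puzzle by=com.example.racer
2013-12-10T02:40:00 DOWNLOAD com.example.chat by=com.example.racer bytes=12600000
2013-12-10T02:41:30 INSTALL com.example.chat by=com.example.racer
2013-12-10T02:43:00 REMOVE com.example.chat by=com.example.racer
2013-12-10T09:00:00 DOWNLOAD com.example.notes by=com.example.store bytes=3000000
2013-12-10T09:01:00 INSTALL com.example.notes by=com.example.store
2013-12-14T18:30:00 REMOVE com.example.notes by=com.example.store
"""

def parse(log):
    """Yield (time, action, package, initiator, bytes) for each log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, action, pkg, *fields = line.split()
        attrs = dict(f.split("=", 1) for f in fields)
        yield (datetime.fromisoformat(ts), action, pkg,
               attrs["by"], int(attrs.get("bytes", 0)))

def find_churn(log, window=timedelta(minutes=30), min_cycles=2):
    """Return {initiator: {"cycles": n, "bytes": total}} for apps that
    install and then remove other packages within `window`, repeatedly."""
    installed = {}   # (initiator, package) -> install time
    size = {}        # (initiator, package) -> bytes downloaded
    stats = defaultdict(lambda: {"cycles": 0, "bytes": 0})
    for ts, action, pkg, by, nbytes in sorted(parse(log)):
        key = (by, pkg)
        if action == "DOWNLOAD":
            size[key] = size.get(key, 0) + nbytes
        elif action == "INSTALL":
            installed[key] = ts
        elif action == "REMOVE" and key in installed:
            # Only a removal shortly after install counts as churn.
            if ts - installed.pop(key) <= window:
                stats[by]["cycles"] += 1
                stats[by]["bytes"] += size.pop(key, 0)
    return {app: s for app, s in stats.items() if s["cycles"] >= min_cycles}

if __name__ == "__main__":
    for app, s in find_churn(SAMPLE_LOG).items():
        print(f"{app}: {s['cycles']} install/remove cycles, {s['bytes']} bytes")
```

In the constructed sample, the store app that installs a package the user keeps for four days is not flagged; only the app cycling packages within minutes is.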

Technical Details

SimpleTemai’s construction is very interesting because its capabilities are primarily scripted in FScriptME, a scripting language that can be used as an embedded language in Java programs. This presumably allows it to evade some methods of static analysis detection, and also allows it to be remotely updatable.

Who Is Affected?

SimpleTemai primarily affects Chinese Android app stores and has not been found in any major app stores such as Google Play. In addition, detections of SimpleTemai within Lookout’s Mobile Threat Network have been relatively low.

How to Stay Safe

Lookout Free and Premium users are automatically protected. Here are two tips to keep your phone safe from malware such as SimpleTemai:

  • Only download apps from reputable app stores and check that the developer is credible before downloading.
  • Download a mobile security app for your phone, like Lookout, that scans for malware.
