Remo Media is scammer/hacker.

  • 9 April 2012
  • 5 replies

I've had the misfortune of running into this guy. He's found a way to bypass security on android phones. Here's what happened with me. I recently went to [URL removed by moderator] on a "free" offer of a ringtone. I entered my phone number to get the ringtone and noticed a subscription notification in the terms & conditions below and stopped. I left the page without completing the transaction. Since I had typed out my number he has a script that recorded it running on that page. since then he has passed my number out to his so called affiliates and have been getting webpage link notifications sent directly to my phone saying I won this, I won that.. and links to apps that I'm assuming he's written with code to do the same as I've described above. and since it's not sms messages I can't block hom. so webroot DO YOUR THING! I'm sure you guys can come up with something to block this guy. if you need more info, feel free to contact me.  

Best answer by Kit 10 April 2012, 17:35

View original

5 replies

Userlevel 7
Welcome to the Community zenpoker!
Any messages coming into your phone should be SMS and can be blocked. If they are in fact not SMS they may be "Adware" webpage notifications coming from apps you may have downloaded. Webroot looks for threats but we do not label "Greyware" as threatening as many people enjoy these apps even though the advertisements can be annoying.
Please let me know if you had downloaded any apps prior to this occurence. You may want to uninstall these apps to fix the issue.
If the messages you are receiving are in fact SMS you can block them by:
1. Navigating to your SecureAnywhere app.
2. Clicking on "Call & SMS Blocking"
3. Clicking on "Blocked Numbers"
4. And then navigating to your options and finding the source from "Pick from Text Messages"
Seriously, that's what you're going with? We like getting spam in our task/notification bar on top of Android GUI? Want to bet $1000 on that? We can hold a survey right here in webroot. I'm giving you home feild advantage. 80% will say no, 10% will say yes & the other 10% have kind of mental deficiency or defect. I'll be back later to debate this some more
Userlevel 7
I'll chime in here.
 From your description, you are receiving AirPush messages or notifications, not SMS.    That means it had absolutely nothing to do with the web site or your phone number thankfully.  The phone number can only be used for SMS, not app notifications. Phone SMS spam is a serious pain and there is often no good way to block it, since it can be source-spoofed.
We said that some people enjoy the apps, not the advertisements.  :)  If you get a well-made game that you absolutely want to play despite the notices it spams you with, they you either have to deal with the ads or not play the game.  Some people find the app useful or compelling enough that they deal with the ads.   Plus the downside is that it's possible to detect whether an app has the ability to do AirPush, but it's not possible to detect when it does or how often it will.
The good news is that most well-made apps don't stoop to aggressive notification advertising.  That being said, you are getting those notifications because of some app that convinced you to download and install it.  Along with (hopefully) doing what it says it will do, it also pushes ads to you.  So some app - maybe even one you thought you might really like - is the perpetrator and will have to be removed.
When the Mobile threat team gets back in tomorrow, I'll check with them about scanning for various AirPush frameworks as PUAs (Potentially Unwanted Application).  Like I said, it's only possible to know if they use it at all, not how often they use it.
It's not going to be instant thing, so your best bet in this case would be to determine what app is popping the notifications and then directly uninstall it.  It could be anything from a game to something masquerading as a popular game but repackaged with the aggressive advertising.  A quick, free, open-source app that may be of assistance in finding this is here.  Be cautious about false positives.  I ran it on my system and it flagged two apps as having the ability to, but I've never had notification spam.
I followed your link to the airpush detector and found where it was coming from. I had D/L'ed a game called skateboard risk from runnergames. I used Air push detector you posted and found it. I also used another from one of your competition." Lookout ad network detector"  and that was actually much better. it found airpush AND leadbolt adware in the same game. so thanks for your assist! I hope in your future releases you address these issues with uber-agrssive adware posting. maybe an option to block airpush & leadbolt? No one wants to see spam on their task/notification bar on their android. again, thanks for your help, kit.
Userlevel 7
Glad that worked out!

So here's what I found...
RunnerGames makes the app "Skater Boy", however another developer (Holiday26519) ripped the APK to package as "Skateboard Risk", which is just a copy of Skater Boy but loaded up with advertisements. They make money by showing you the ads, and make money by harassing you enough with the ads that you pay to get rid of them.

I see that you followed up very well and put a review on the app to help warn other people. Excellent!

I spoke with the Android Threat Research team this morning. The current blocker on detecting spammy apps is the ability for the security app to say "This app has the ability to do something, but it may not, and you might want it anyway". If we add the definitions right now, it will flag it as "Ohno!! THREAT!" and cause unnecessary panic (kind of like with the two apps I have with Airpush capability, but they never use it). We're targeting to have the capability to flag things as greyware, crudware, adware, etc Very Soon™ (Hopefully in 2.8). Sadly it's probably not possible to just block it - other than uninstalling the offending app - without root access.

I wouldn't necessarily say that the Lookout was "better", but just that it operates differently. The Airpush Detector app will stop scanning a given app when it finds one thing, so even if the app has four different intrusive advertisement modules, it will stop on that app when it finds the first, flag the app, and move on to the next. Both have the goal of finding the app as an entirety, since you can't take parts out of an app. ;)

Thank you again for following up with the review. It was easy to see that a lot of the five-star reviews were farmed. It goes without saying that reviewing the reviews is always a good idea to see if an app is liable to misbehave in some way. The more you know about Android permissions and the more you check for knowledgeable reviews, the better protection you will have.