Early last year we wrote about China Facing Problems With Android Handsets & Pre-installed Trojans, then later last year there was a possibility Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages.
The latest news about Android malware is malicious apps that are in the official Google marketplace (called Play) – they are masquerading as apps to deliver trailers for various content – but in fact steals your data in the background.
Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.
McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.
The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.
On installation, the malicious apps request the user grants them permission to read contact data and read phone state and identity which.
If granted by the user, this will enable them to pilfer Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.
It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.
I think most of us are pretty safe from this set of nasties though as it targets the Japanese market specifically. It is a general problem with Android apps though, most of them ask for far more permissions than they actually need to function (lazy devs perhaps?) so Android users are very used to granting all kinds of permissions to fairly simple apps.
Thankfully McAfee mobile security app does detect these as a threat (although how many people really have AV software on their phones?!).
“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.
“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior installation that the application does not request permission to perform actions not related to its purpose.”
Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.
Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.
Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.
The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace.
Google does seem to be fairly on top of removing these apps from the marketplace as soon as they are reported and verified as malware. I’d have though they should integrate some kind of malware scan (including heuristic scanning for dodgy calls) to Google Play when someone adds a new app.
As always just be careful what you’re downloading and what you are giving permissions to. If you are paranoid, hook your phone up to your desktop and proxy all the traffic through there and get sniffing.
Source: The Register