Android Trojan Targets Japanese Market – Steals Personal Data

Outsmart Malicious Hackers


Early last year we wrote about China Facing Problems With Android Handsets & Pre-installed Trojans, then later last year there was a possibility Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages.

The latest news about Android malware is malicious apps that are in the official Google marketplace (called Play) – they are masquerading as apps to deliver trailers for various content – but in fact steals your data in the background.

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.

The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.

On installation, the malicious apps request the user grants them permission to read contact data and read phone state and identity which.

If granted by the user, this will enable them to pilfer Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.

It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.

I think most of us are pretty safe from this set of nasties though as it targets the Japanese market specifically. It is a general problem with Android apps though, most of them ask for far more permissions than they actually need to function (lazy devs perhaps?) so Android users are very used to granting all kinds of permissions to fairly simple apps.

Thankfully McAfee mobile security app does detect these as a threat (although how many people really have AV software on their phones?!).


“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior installation that the application does not request permission to perform actions not related to its purpose.”

Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.

Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.

Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.

The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace.

Google does seem to be fairly on top of removing these apps from the marketplace as soon as they are reported and verified as malware. I’d have though they should integrate some kind of malware scan (including heuristic scanning for dodgy calls) to Google Play when someone adds a new app.

As always just be careful what you’re downloading and what you are giving permissions to. If you are paranoid, hook your phone up to your desktop and proxy all the traffic through there and get sniffing.

Source: The Register

Posted in: Malware, Privacy, Spammers & Scammers

, , , , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.