Android Trojan Targets Japanese Market – Steals Personal Data

Outsmart Malicious Hackers


Early last year we wrote about China Facing Problems With Android Handsets & Pre-installed Trojans, then later last year there was a possibility Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages.

The latest news about Android malware is malicious apps that are in the official Google marketplace (called Play) – they are masquerading as apps to deliver trailers for various content – but in fact steals your data in the background.

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.

The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.

On installation, the malicious apps request the user grants them permission to read contact data and read phone state and identity which.

If granted by the user, this will enable them to pilfer Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.

It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.

I think most of us are pretty safe from this set of nasties though as it targets the Japanese market specifically. It is a general problem with Android apps though, most of them ask for far more permissions than they actually need to function (lazy devs perhaps?) so Android users are very used to granting all kinds of permissions to fairly simple apps.

Thankfully McAfee mobile security app does detect these as a threat (although how many people really have AV software on their phones?!).


“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior installation that the application does not request permission to perform actions not related to its purpose.”

Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.

Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.

Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.

The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace.

Google does seem to be fairly on top of removing these apps from the marketplace as soon as they are reported and verified as malware. I’d have though they should integrate some kind of malware scan (including heuristic scanning for dodgy calls) to Google Play when someone adds a new app.

As always just be careful what you’re downloading and what you are giving permissions to. If you are paranoid, hook your phone up to your desktop and proxy all the traffic through there and get sniffing.

Source: The Register

Posted in: Malware, Privacy, Spammers & Scammers

, , , , ,


Latest Posts:


Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.
LOIC Hivemind - Low Orbit Ion Cannon LOIC Download – Low Orbit Ion Cannon DDoS Booter
LOIC Download below - Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.
Yuki Chan - Automated Penetration Testing Tool Yuki Chan – Automated Penetration Testing Tool
Yuki Chan is an Automated Penetration Testing Tool that carries out a whole range of standard security auditing tasks automatically.


Comments are closed.