Symantec is warning users of Android smartphones about a new group of malicious applications onthe Android Market that contain a Trojan designed to steal information and possibly open a backdoor on Android devices.
The titles sound like the real existing mobile apps but they are not the real thing.
Kevin Haley, director of Symantec Security Respons
Symantec said the malicious code was found in more than a dozenarcade and action game Android applications written by iApps7 Inc. and Ogre Games. Titlesinclude Counter Elite Force, Sexy Girls Puzzle and Hit Counter Terrorist. The applications,according to Symantec, could have been downloaded up to 5 million times. Symantec has notifiedGoogle about the malicious code, but some of the titles are still available.
Weve seen the approach where the bad guys take an existing legitimate application, modify itand post it onto the marketplace, but these seem to be created completely, said Kevin Haley,director of Symantec Security Response. The titles sound like the real existing mobile apps butthey are not the real thing.
The Trojan, called Counterclank,has been given a low risk level by Symantec, because the infection can be removed by simplyuninstalling the application. The widespread availability of the applications has led Symantecresearchers to believe the infection could be on millions of Android devices. This is a classicTrojan horse where bad stuff is hidden within something that seems benign or seems perfectly fine,Haley said.
A Google spokesperson declined to comment. Counterclank is very different from the DroidDreamTrojan, which gained root access to the Android device. It appeared embedded within 50applications in the official Android Market and forced Google to quickly remove the apps and deploya security update to disinfect devices. The publishers that created the apps containingCounterclank state in the Android Market app description that the publishers install the homepagesearch feature and have access to browsing history and bookmarks.
Once installed, the applications contain the Trojan, which is designed to be a bot-like threatthat can receive commands to carry out certain actions as well as steal information from thedevice, wrote Ifran Asrar, a researcher with Symantec Security Response. The maliciousapplications ask users for a variety of permissions, including access to information aboutnetworks, GPS location, and read/write access to the users browsing history and bookmarks.
Victims with an infection will see a search icon on the home screen. In addition to stealing thedevices MAC Address, SIM serial number and IMEI number, the Trojan can download additional filesand display advertisements. Haley said the stolen data could be used to clone the phoneand make long distance calls. The more interesting piece, according to Haley is the ability of thecybercriminals to run adware on the phone and download anything they want onto the phone, includingadditional malware.
0 comments:
Post a Comment