The malware, which is designed to steal sensitive data from Android smartphones, should serve as a warning to users about permission requests.
New malware found in 15 Android apps
in the official Google Play marketplace should serve as a cautionary tale to
Android device users to pay attention to the permission requests that pop up as
an app is downloading, according to a researcher at antivirus software vendor
McAfees discovery of the
data-stealing apps also is an indication that Googles new Bouncer security service, created to keep malware
out of the Google Play store, may not be able to catch everything.
In an April 13 post on McAfees official blog, Carlos
Castillo, a malware researcher with McAfee Labs, said the Android Trojan, aimed
at Android users in Japan, masqueraded as apps offering to display trailers of
upcoming Android video games or anime or Japanese adult videos.
According to Castillo, when the app
is downloaded and is about to be installed, two permissions are requestedone
to read the contact data on the Android device and the other to read the phone
state and identity. Neither of these permissions is needed for such
applications, he wrote, which should signal a warning to Android device users.
Once the permissions are granted,
users see a Web page indicating the trailer is loading. However, in the
background and unseen by the user, the malicious code takes sensitive
information from the device, including the Android ID, which Castillo said is a
64-bit number that is randomly generated the first time the Android device is
booted up and remains constant throughout the life of the device.
The read phone state permission
allows the malware to grab the phone number of the device, as well as the
names, phone numbers and email addresses of those people on the devices
contact list. The information is then sent to a remote server and, if that is
successful, the malware requests a specific video be sent to the same server.
The video is then shown using a VideoView component, Castillo wrote.
If the information is not
successfully sent to the serverfor example, the device is not connected to the
Interneta message pops up in Japanese saying that an error occurred keeping
the video from loading, he wrote.
McAfee identified 15 apps from two
different developers that had been downloaded about 70,000 times, according to
Google Play statistics. All the apps have been removed from the Google Play
store, Castillo said. The vendor detected the Trojan as Android/DougaLeaker.A.
McAfees discovery of the Japanese
Android Trojan came around the same time that security software vendor Sophos
said it had discovered a Trojan horse masquerading as the popular Angry Birds Space game from
Rovio. In that case, the Android Trojan comes from apps downloaded from
third-party, unofficial Android app stores, not the official Google Play site.
With the rising popularity of
smartphones in general, the growing market share and open market for Android in
particular, devices with the Google operating system are coming under
increasing attack from scammers, according to a report released in February by Juniper Networks.
According to the report, while
malware specifically targeted at mobile operating systems in generalincluding
Android, Apples iOS and Research In Motions BlackBerrygrew 155 percent
between 2010 and 2011, the incidence of malware in Android jumped 3,325