BBC writes smartphone spyware, and Android malware developments

BBC technology correspondent Mark Ward has shown TV viewers today how easy he found it to create spyware that could steal contacts and SMS text messages from a smartphone.

The good news is that the BBC doesn't appear to have broken any laws (unlike when the BBC Click programme controversially hijacked a botnet of 22,000 computers and told them to each send 500 spam emails).

In this latest broadcast, Mark Ward's smartphone spyware - which was disguised as a crude noughts-and-crosses game - was not uploaded to an app store, and was only downloaded onto a single handset. In other words, it appears to have been a "laboratory" experiment done as a proof-of-concept.

Of course, it didn't prove anything that we didn't already know - but there's no denying that it will have helped raise awareness amongst some people that care needs to be taken over which applications are run on a smartphone, just as it should be over what programs are installed on a Windows PC or Mac.

Android malware

Coincidentally, today our friends at Kaspersky are reporting on an Android Trojan horse that sends SMS text messages to a premium-rate number.

From the sound of things, the malware is only likely to be a concern to Russian smartphone owners - but we are currently analysing our sample and will be issuing detection as Troj/Fakplay-A.

It appears that the Android malware is very simple, and was specifically made for the Russian market. For instance, when run it displays a message in Russian which says something like "Press OK to access the video <name>".

The Fakplay Trojan horse wasn't distributed via the Android Marketplace - meaning that only users who were tempted into installing an unauthorised "Movie Player" app could have been exposed to the risk of infection.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.