BBC writes smartphone spyware, and Android malware developments

by Graham Cluley on August 10, 2010 | Leave a comment

Filed Under: Data loss, Malware, Mobile

BBC technology correspondent Mark Ward has shown TV viewers today how easy he found it to create spyware that could steal contacts and SMS text messages from a smartphone.

The good news is that the BBC doesn't appear to have broken any laws (unlike when the BBC Click programme controversially hijacked a botnet of 22,000 computers and told them to each send 500 spam emails).

In this latest broadcast, Mark Ward's smartphone spyware - which was disguised as a crude noughts-and-crosses game - was not uploaded to an app store, and was only downloaded onto a single handset. In other words, it appears to have been a "laboratory" experiment done as a proof-of-concept.

Of course, it didn't prove anything that we didn't already know - but there's no denying that it will have helped raise awareness amongst some people that care needs to be taken over which applications are run on a smartphone, just as it should be over what programs are installed on a Windows PC or Mac.

Android malware
Coincidentally, today our friends at Kaspersky are reporting on an Android Trojan horse that sends SMS text messages to a premium-rate number.

From the sound of things, the malware is only likely to be a concern to Russian smartphone owners - but we are currently analysing our sample and will be issuing detection as Troj/Fakplay-A.

It appears that the Android malware is very simple, and was specifically made for the Russian market. For instance, when run it displays a message in Russian which says something like "Press OK to access the video <name>".

The Fakplay Trojan horse wasn't distributed via the Android Marketplace - meaning that only users who were tempted into installing an unauthorised "Movie Player" app could have been exposed to the risk of infection.

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.