Trojan Android games send expensive SMS messages

Filed Under: Android, Featured, Malware, Mobile

Roar of the Pharoah Android gameCriminals continue to target the Android mobile platform churning out additional variants to line their pockets.

The latest sample pretends to be a legitimate Chinese game called "The Roar of the Pharaoh". The real game is not distributed on Google Play (the new name for the Android Marketplace).

This presents a challenge for people who wish to play the real game as the version we have in SophosLabs has a Trojan attached and is being distributed on unofficial download sites as well.

Sophos is detecting the malicious version as Andr/Stiniter-A. This Trojan is rather unusual as it doesn't ask for any specific permissions during installation, which is often an indicator an application is up to no good.

Once installed the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware's authors.

Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well.

The malware masquerades as a service called "GameUpdateService", a very plausible name for a legitimate app if you went snooping around for what might be running on your device.

TGLoader urlsThe malware also attempts to communicate with four .com domains with a path of "tgloader-android", leading some to refer to this Trojan as TGLoader.

Criminals love the free money laundering service provided by mobile phone providers. They can setup premium rate SMS numbers in Europe and Asia with little difficulty.

Mobile phone payments courtesy of ShutterstockThe mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges.

As always, be sure to only install applications from official sources for the safest smartphone experience. While the sophistication of today's mobile malware is quite low, this won't remain true if there is a buck to be made.

Mobile phone payment image courtesy of Shutterstock.

, , , ,

You might like

2 Responses to Trojan Android games send expensive SMS messages

  1. Michael · 902 days ago

    Smartphones are basically personal computers, and as with any personal computer, the owners can install software and malware on them. The problem is so many people don't understand that concept yet - most of them are consumers who expect Google, Apple and whatever to handle everything, to sort the good 'apps' from the bad. This consumerisation makes the users easy prey for criminals who know how to leverage the technology.

  2. Pat · 902 days ago

    shouldn't the companies who sell or offer free apps test them first before they go public. If they don't then these companies should be responsible for any damages done to their users and their devices. These companies should also know who these app makers are and make them responsible too.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.