BBC writes smartphone spyware, and Android malware developments

BBC technology correspondent Mark Ward has shown TV viewers today how easy he found it to create spyware that could steal contacts and SMS text messages from a smartphone.

The good news is that the BBC doesn’t appear to have broken any laws (unlike when the BBC Click programme controversially hijacked a botnet of 22,000 computers and told them to each send 500 spam emails).

In this latest broadcast, Mark Ward’s smartphone spyware – which was disguised as a crude noughts-and-crosses game – was not uploaded to an app store, and was only downloaded onto a single handset. In other words, it appears to have been a “laboratory” experiment done as a proof-of-concept.

Of course, it didn’t prove anything that we didn’t already know – but there’s no denying that it will have helped raise awareness amongst some people that care needs to be taken over which applications are run on a smartphone, just as it should be over what programs are installed on a Windows PC or Mac.

Android malware

Coincidentally, today our friends at Kaspersky are reporting on an Android Trojan horse that sends SMS text messages to a premium-rate number.

From the sound of things, the malware is only likely to be a concern to Russian smartphone owners – but we are currently analysing our sample and will be issuing detection as Troj/Fakplay-A.

It appears that the Android malware is very simple, and was specifically made for the Russian market. For instance, when run it displays a message in Russian which says something like “Press OK to access the video <name>”.

The Fakplay Trojan horse wasn’t distributed via the Android Marketplace – meaning that only users who were tempted into installing an unauthorised “Movie Player” app could have been exposed to the risk of infection.