Criminals continue to target the Android mobile platform, churning out additional variants to line their pockets.
The latest sample pretends to be a legitimate Chinese game called “The Roar of the Pharaoh”. The real game is not distributed on Google Play (the new name for the Android Marketplace).
This presents a challenge for people who wish to play the real game, as the version we have in SophosLabs has a Trojan attached and is being distributed on unofficial download sites as well.
Sophos is detecting the malicious version as Andr/Stiniter-A. This Trojan is rather unusual in that it doesn’t ask for any specific permissions during installation; such requests are often an indicator that an application is up to no good.
Once installed, the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware’s authors.
Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well.
The malware masquerades as a service called “GameUpdateService”, a very plausible name for a legitimate app if you went snooping around for what might be running on your device.
The malware also attempts to communicate with four .com domains with a path of “tgloader-android”, leading some to refer to this Trojan as TGLoader.
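As an added example (not from the original article or from SophosLabs), here is one way a network defender could search web proxy logs for the “tgloader-android” path and list the devices that requested it. The log format, client addresses and example.com hosts are constructed, and treating the marker as a whole path segment is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Path marker reported in the article; everything else below is assumed.
MARKER = "tgloader-android"

# Constructed sample lines in an assumed "timestamp client method url" format.
SAMPLE_LOG = """\
2012-03-20T10:01:02Z 10.0.0.15 POST http://cdn1.example.com/tgloader-android/report
2012-03-20T10:01:09Z 10.0.0.15 GET http://cdn2.example.com/TGLoader-Android/cfg?v=1
2012-03-20T10:02:00Z 10.0.0.22 GET http://news.example.org/article?q=tgloader-android
2012-03-20T10:03:30Z 10.0.0.31 GET http://cdn1.example.com/tgloader%2Dandroid/task
2012-03-20T10:04:00Z 10.0.0.40 GET http://games.example.com/pharaoh/index.html
truncated entry
"""


def is_hit(url):
    """True when a .com host is requested with the marker as a path segment."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(".com"):
        return False
    # Decode percent-escapes and compare whole segments, ignoring case, so a
    # query string or an unrelated path merely containing the word is skipped.
    segments = [unquote(s).lower() for s in parts.path.split("/")]
    return MARKER in segments


def find_beaconing_clients(log_text):
    """Map each client address to the set of hosts it contacted with the marker."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than failing the whole run
        _ts, client, _method, url = fields
        if is_hit(url):
            hits[client].add(urlsplit(url).hostname.lower())
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in sorted(find_beaconing_clients(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(sorted(hosts)))
```

A client that contacts several hosts with the same path, as 10.0.0.15 does in the sample, is the strongest lead for follow-up on the device itself.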
Criminals love the free money laundering service provided by mobile phone providers. They can set up premium rate SMS numbers in Europe and Asia with little difficulty.
The mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges.
As always, be sure to only install applications from official sources for the safest smartphone experience. While the sophistication of today’s mobile malware is quite low, this won’t remain true if there is a buck to be made.
Smartphones are basically personal computers, and as with any personal computer, the owners can install software and malware on them. The problem is so many people don't understand that concept yet – most of them are consumers who expect Google, Apple and whatever to handle everything, to sort the good 'apps' from the bad. This consumerisation makes the users easy prey for criminals who know how to leverage the technology.
Shouldn’t the companies who sell or offer free apps test them first before they go public? If they don’t, then these companies should be responsible for any damages done to their users and their devices. These companies should also know who these app makers are and make them responsible too.