Criminals continue to target the Android mobile platform churning out additional variants to line their pockets.
The latest sample pretends to be a legitimate Chinese game called “The Roar of the Pharaoh”. The real game is not distributed on Google Play (the new name for the Android Marketplace).
This presents a challenge for people who wish to play the real game as the version we have in SophosLabs has a Trojan attached and is being distributed on unofficial download sites as well.
Sophos is detecting the malicious version as Andr/Stiniter-A. This Trojan is rather unusual as it doesn’t ask for any specific permissions during installation, which is often an indicator an application is up to no good.
Once installed the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware’s authors.
Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well.
The malware masquerades as a service called “GameUpdateService”, a very plausible name for a legitimate app if you went snooping around for what might be running on your device.
The malware also attempts to communicate with four .com domains with a path of “tgloader-android”, leading some to refer to this Trojan as TGLoader.
Criminals love the free money laundering service provided by mobile phone providers. They can setup premium rate SMS numbers in Europe and Asia with little difficulty.
The mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges.
As always, be sure to only install applications from official sources for the safest smartphone experience. While the sophistication of today’s mobile malware is quite low, this won’t remain true if there is a buck to be made.
Mobile phone payment image courtesy of Shutterstock.