Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.
McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.
The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.
On installation, the malicious apps request the user grants them permission to read contact data and read phone state and identity which.
If granted by the user, this will enable them to pilfer Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.
It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.
“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.
“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior installation that the application does not request permission to perform actions not related to its purpose.”
Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.
Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.
Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.
The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace. ®
A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon.
The Trojan hid itself in applications that promised trailers of upcoming Japanese-language video games, or those that offered scenes from anime or adult Japanese videos, McAfee reported on its blog.
McAfee Mobile Security detects these threats as Android/DougaLeaker.A, the company said.
McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. However, McAfee employee Carlos Castillo reported that users should beware applications like these that promise to display video content, then ask for permissions they shouldn’t otherwise need – in this case, “read contact data” and “read phone state and identity”.
In this case, the app gathers the Android ID – not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device’s first boot and remains with it for the life of the device. The app also harvests the phone’s phone number and contact list, along with every name, phone number, and email of every person in the contact list.
As the data is being harvested, the app displays a “loading” message. If the app is successful at harvesting the data, the video will play; otherwise, an error message is generated, McAfee said.
For more from Mark, follow him on Twitter @MarkHachman.
For the top stories in tech, follow us on Twitter at @PCMag.
Article source: http://www.pcmag.com/article2/0,2817,2403047,00.asp