Sneaky Android threats still rising

News
By Tom Brewster
published

Android threats are becoming increasingly prevalent, Symantec warns, with one notable piece of malware hiding in a Steamy Window app.

Android

Android malware is still on the rise as hidden threats become an increasing concern, according to security giant Symantec.

There are some particularly nasty new threats emerging within apps in particular a Trojan known as Android.Pjapps, which has been propagating through compromised versions of legitimate applications.

One application where the Android.Pjapps code has been seen hiding is known as Steamy Window.

"Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed," explained Mario Ballano, a Symantec researcher, in a blog post.

In the illegitimate version, permissions included access to both SMS messages and personal data, Ballano explained.

Both the legitimate and malicious versions of the app mimic a steam effect on the Android device's screen, but the latter can install applications, navigate to websites, add bookmarks to the user's browser, send SMS messages and block text message responses.

"The aim of Android.Pjapps is to build a botnet controlled by a number of different Command and Control (C&C) servers," Ballano continued.

"The threat registers its own service to operate in the background without the user noticing. The service will be started whenever the signal strength of the infected mobile changes."

Android.Pjapps then attempts to connect to a C&C server to register the infection.

"It then awaits for a response, and if commanded it will send a message with the infected device's IMEI number to a mobile number," the researcher explained.

"This mobile number is meant to be controlled by the attacker. By using this technique the attacker hides his identity within the cloud.'"

Once an attacker has control, they can send commands to the phone. One appears to be able to force the user's phone to send text messages to premium rate numbers, whilst another carries out SMS spamming.

"Looking at the threat's capabilities we believe it has been designed to push advertisement campaigns and to reap the benefits from compromised devices using third-party, premium-rate services," Ballano added.

Towards the end of last year, research found malware aimed at Google's Android mobile operating system rose fourfold in 2010, compared to 2009.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.