Malicious Android app taps user contacts

Mobile threat

A malicious Android app, impersonating a legitimate application, has been spotted texting all contacts from users' phonebooks.

Once downloaded, the purported copy of Incorporateapps' Walk and Text app, which contains none of the functionality of the original, took phone data and sent texts, which were charged to the sender.

Data targeted by the malicious app, which Android owners could have downloaded from a variety of forums and file sharing sites, included phone numbers and IMEI codes.

The Trojanised app also recommended users installed the legitimate version of the application and even forwarded them to the official Android Market page, begging the question who was behind the fake app.

"One possibility is that it was a fan of Incorporateapps applications who attempted to protect the company from piracy," said Vanja Svajcer, principal virus researcher at SophosLabs, on a blog.

"Another possibility is that it was somebody who wanted to damage the company's reputation so that it appears that they stand behind the attack. The jury on that one is still out there."

The mobile security space could be set for an explosion in activity this year.

Despite attacks being low in quantity compared to PCs, McAfee claimed it saw a spike in mobile security threats in 2010.

The number of pieces of new mobile malware the firm found in 2010 rose 46 per cent over 2009.

As hackers often go for the lowest hanging fruit, Android owners may want to be particularly wary, given research this week indicated the platform was now more popular than Apple's iOS.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.