Android Trojan poses as game of noughts and crosses

A new Trojan that targets Android devices while pretending to be a game of noughts and crosses has been uncovered by security researchers.

According to Anton Kivva, antivirus analyst at Kaspersky Lab, the Gomal Trojan sports all of the usual spyware functionality, including the ability to record sounds, process calls and steal SMS messages.

The Tic-Tac-Toe malware also uses tools that provide access to various Linux services by attacking the Android operating system and can also read the device's process memory, which, according to Kivva, can jeopardise many communication applications.

Gomal also steals data from logcat the logging service built into Android that is used for application debugging. "Developers very often have their applications outputting critically important data to Logcat even after the apps have been released. This enables the Trojan to steal even more confidential data from other programs," said the security researcher.

The malware is capable of stealing emails from Good for Enterprise, a secure email client for corporate use, the researcher added. Data theft in this situation could lead to serious issues for the company where the device owner works.

"In order to attack Good for Enterprise, the Trojan uses the console to get the ID of the relevant process (ps command) and reads virtual file /proc//maps. The file contains information about memory blocks allocated to the application," said Kivva in a blog post.

The techniques used by Gomal were originally implemented in Windows Trojans, but have now progressed to Android malware.

"What's more alarming is that this technique can adapt to steal data from other applications as well as Good for Enterprise it is likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future," he said.