New Android Malware Steals Personal Data.
Symantec has identified new malware targeting Google Android
devices that collects personal data.
The malware, detected as
Android.Exprespam, is spread through the spamming of links to fake Google Play
pages. These pages are hosted on a server located in Washington. "It is worth noting that
the site actually calls itself Gcogle Play," blogged Symantec threat
analyst Joji Hamada. "The domain for the website was registered on
December 27 and the malicious APK file contains a signature valid from January
2."
"We have confirmed nine different app pages on this site, although the
downloaded app is the same in each case," according to Hamada. "A
couple of the fake app pages resemble the type of fake tools used by older
malware, but most are new types of fake tools. The scammers have made available
a variety of apps in the hope that it increases the chances of the apps being
installed. This is a distinct ramping up of activities as older malware
masqueraded at most as three apps on a site simultaneously." The installation screen
displays the permissions the malware requests, which include access to personal
information, the phone state and identity and account information. Legitimate
applications generally do not request these permissions, the researcher noted.
"Once installed and
opened, the malware informs the user that the app is incompatible with the
device," Hamada noted. "However, personal data is sent
surreptitiously to a server."
Unlike other types of
malware, it uses the Secure Sockets Layer (SSL) protocol to upload the information
that it steals, so that the data is encrypted in transit.
"So why would the creators go out of their way to
encrypt the stolen information? It is only speculation on my part but perhaps
it may be in order to make it look like they were taking measures to protect
the collected data in the same manner as a responsible business," the
researcher blogged. "It is possible that the malware author(s) may use
this in their defense if they are ever arrested