Android smartphone owners are being advised to stay vigilant and on the lookout for new evidence of increased malware intrusions, say Symantec researchers. One piece of malware called ‘Android.Pjapps’ has back door capabilities designed to target Android-based smartphones and hides within the Steamy Window app, which was not a porn search portal when we last checked.
Researchers on the Symantec blog point out that for some smartphone users new to the world of apps, it may prove difficult to disntinguish between the legitimate version and the infected malware variation. According to researcher Mario Ballano, the aim of Android.Pjapps is to build a botnet controlled by command and control (C & C) servers and then cause the usual havoc with the target’s phone details. It’s worth noting that the apps were not downloaded from the genuine Android Market. They were from an unregulated third-party Android marketplace.
Look carefully: It’s not too hard to tell the difference between the real app and the malware infected version if you’re paying attention to key areas such as the title and what functionalities the app will approve. Image credit: Symantec
Guitar app called ‘Mother of all malware’ threats
In another example of Android malware benefiting from the lax security offered by unverified apps hitting the Android market, a crafty piece of malware contains a binary root exploit capable of doing similar damage as the Android.Pjapps code has been discovered recently. According to Android Police, the malware is hidden in an app that tried to emulate the popular Guitar Solo Lite with an app called ‘Super Guitar Solo’, in addition to 21 other apps that have been downloaded more than 50,000 times reports the Android watch dog (and all have since been removed).
The nature of these Android threats typically allow attackers to take control of a person’s phone, by capturing IMEI data and hijacking the phone in order to dial premium SMS services and push ad campaigns offered by dubious third parties. Food for thought if you’re hanging around the Android Market next time.
Update:
[via Symantec and Android Police]
Braycen Jackwitz
Wednesday, March 2, 2011 at 3:57 PMI think I’ll stick with my iPhone for now
(And the trolls will appear in 3…2…1…)
:P
matt
Wednesday, March 2, 2011 at 4:32 PMumm…
you’re the only one who is trolling…
Braycen Jackwitz
Wednesday, March 2, 2011 at 5:29 PMSorry, I’m not trying to be a troll, I’m just pointing out that sometimes Apple’s walled garden approach has benefits.
The trolls I’m talking about are the kind that come in and just start spouting there mouth of in rage without properly thinking through the entire issue.
BTW is troll the right word? Or should I be using some other word?
Leo W'ski
Wednesday, March 2, 2011 at 9:49 PM+1 – I think I can handle a “signal-loss” (Which doesnt occur in a case) over having my personal details and credit card raped by malware.
CodingCaveman
Wednesday, March 2, 2011 at 4:08 PMGuitar Solo Lite is the original version on the Market and does not contain any malware. The pirated app was called Super Guitar Solo and has since been removed from the Market.
Daniel Long
Wednesday, March 2, 2011 at 4:17 PMThanks and Updated.
Software Dude
Sunday, March 6, 2011 at 5:40 PMUnfortunately it doesn’t matter whether the app was removed from the store or not. The virus is in the wild.
This particular virus opened a channel that allowed additional code to be downloaded and run – very sloppy OS to allow that. If even one handset downloaded the next ‘installment’ of the virus then it will continue to propagate. In fact, it’s possible for the virus to change the handset so that even a hard reset cannot get rid of it.
You can’t unscramble an egg. This will likely continue to plague Android for years to come.