Sneaky Android threats still rising

By

Android threats are becoming increasingly prevalent, Symantec warns, with one notable piece of malware hiding in a Steamy Window app.

Android malware is still on the rise as hidden threats become an increasing concern, according to security giant Symantec.

Sneaky Android threats still rising

There are some particularly nasty new threats emerging within apps – in particular a Trojan known as Android.Pjapps, which has been propagating through compromised versions of legitimate applications.

One application where the Android.Pjapps code has been seen hiding is known as Steamy Window.

“Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed,” explained Mario Ballano, a Symantec researcher, in a blog post.

In the illegitimate version, permissions included access to both SMS messages and personal data, Ballano explained.

Both the legitimate and malicious versions of the app mimic a steam effect on the Android device’s screen, but the latter can install applications, navigate to websites, add bookmarks to the user’s browser, send SMS messages and block text message responses.

“The aim of Android.Pjapps is to build a botnet controlled by a number of different Command and Control (C&C) servers,” Ballano continued.

“The threat registers its own service to operate in the background without the user noticing. The service will be started whenever the signal strength of the infected mobile changes.”

Android.Pjapps then attempts to connect to a C&C server to register the infection.

“It then awaits for a response, and if commanded it will send a message with the infected device’s IMEI number to a mobile number,” the researcher explained.

“This mobile number is meant to be controlled by the attacker. By using this technique the attacker hides his identity within the ‘cloud.’”

Once an attacker has control, they can send commands to the phone. One appears to be able to force the user’s phone to send text messages to premium rate numbers, whilst another carries out SMS spamming.

“Looking at the threat’s capabilities we believe it has been designed to push advertisement campaigns and to reap the benefits from compromised devices using third-party, premium-rate services,” Ballano added.

Towards the end of last year, research found malware aimed at Google’s Android mobile operating system rose fourfold in 2010, compared to 2009.

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:
androidmobile securitysecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?