Android malware is still on the rise as hidden threats become an increasing concern, according to security giant Symantec.
There are some particularly nasty new threats emerging within apps – in particular a Trojan known as Android.Pjapps, which has been propagating through compromised versions of legitimate applications.
One application where the Android.Pjapps code has been seen hiding is known as Steamy Window.
“Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed,” explained Mario Ballano, a Symantec researcher, in a blog post.
In the illegitimate version, permissions included access to both SMS messages and personal data, Ballano explained.
Both the legitimate and malicious versions of the app mimic a steam effect on the Android device’s screen, but the latter can install applications, navigate to websites, add bookmarks to the user’s browser, send SMS messages and block text message responses.
“The aim of Android.Pjapps is to build a botnet controlled by a number of different Command and Control (C&C) servers,” Ballano continued.
“The threat registers its own service to operate in the background without the user noticing. The service will be started whenever the signal strength of the infected mobile changes.”
Android.Pjapps then attempts to connect to a C&C server to register the infection.
“It then awaits for a response, and if commanded it will send a message with the infected device’s IMEI number to a mobile number,” the researcher explained.
“This mobile number is meant to be controlled by the attacker. By using this technique the attacker hides his identity within the ‘cloud.’”
Once an attacker has control, they can send commands to the phone. One appears to be able to force the user’s phone to send text messages to premium rate numbers, whilst another carries out SMS spamming.
“Looking at the threat’s capabilities we believe it has been designed to push advertisement campaigns and to reap the benefits from compromised devices using third-party, premium-rate services,” Ballano added.
Towards the end of last year, research found malware aimed at Google’s Android mobile operating system rose fourfold in 2010, compared to 2009.