Android malware is still on the rise as hidden threats become an increasing concern, according to security giant Symantec.
There are some particularly nasty new threats emerging within apps in particular a Trojan known as Android.Pjapps, which has been propagating through compromised versions of legitimate applications.
One application where the Android.Pjapps code has been seen hiding is known as Steamy Window.
"Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed," explained Mario Ballano, a Symantec researcher, in a blog post.
In the illegitimate version, permissions included access to both SMS messages and personal data, Ballano explained.
Both the legitimate and malicious versions of the app mimic a steam effect on the Android device's screen, but the latter can install applications, navigate to websites, add bookmarks to the user's browser, send SMS messages and block text message responses.
"The aim of Android.Pjapps is to build a botnet controlled by a number of different Command and Control (C&C) servers," Ballano continued.
"The threat registers its own service to operate in the background without the user noticing. The service will be started whenever the signal strength of the infected mobile changes."
Android.Pjapps then attempts to connect to a C&C server to register the infection.
"It then awaits for a response, and if commanded it will send a message with the infected device's IMEI number to a mobile number," the researcher explained.
"This mobile number is meant to be controlled by the attacker. By using this technique the attacker hides his identity within the cloud.'"
Once an attacker has control, they can send commands to the phone. One appears to be able to force the user's phone to send text messages to premium rate numbers, whilst another carries out SMS spamming.
"Looking at the threat's capabilities we believe it has been designed to push advertisement campaigns and to reap the benefits from compromised devices using third-party, premium-rate services," Ballano added.
Towards the end of last year, research found malware aimed at Google's Android mobile operating system rose fourfold in 2010, compared to 2009.
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Fake AnyDesk Google ads deliver malwareNews Malware pushed through Google search results
-
Hackers use open source Microsoft dev platform to deliver trojansNews Microsoft's Build Engine is being used to deploy Remcos password-stealing malware
-
Android users told to be on high alert after Cerberus banking Trojan leaks to the dark webNews The source code for the authenticator-breaking malware is available for free on underground forums
-
Qbot malware surges into the top-ten most common business threats
News An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally
