Android Trojan poses as game of noughts and crosses
Goaml malware steals text messages and emails
A new Trojan that targets Android devices while pretending to be a game of noughts and crosses has been uncovered by security researchers.
According to Anton Kivva, antivirus analyst at Kaspersky Lab, the Gomal Trojan sports all of the usual spyware functionality, including the ability to record sounds, process calls and steal SMS messages.
The Tic-Tac-Toe malware also uses tools that provide access to various Linux services by attacking the Android operating system and can also read the device's process memory, which, according to Kivva, can jeopardise many communication applications.
Gomal also steals data from logcat the logging service built into Android that is used for application debugging. "Developers very often have their applications outputting critically important data to Logcat even after the apps have been released. This enables the Trojan to steal even more confidential data from other programs," said the security researcher.
The malware is capable of stealing emails from Good for Enterprise, a secure email client for corporate use, the researcher added. Data theft in this situation could lead to serious issues for the company where the device owner works.
"In order to attack Good for Enterprise, the Trojan uses the console to get the ID of the relevant process (ps command) and reads virtual file /proc//maps. The file contains information about memory blocks allocated to the application," said Kivva in a blog post.
The techniques used by Gomal were originally implemented in Windows Trojans, but have now progressed to Android malware.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"What's more alarming is that this technique can adapt to steal data from other applications as well as Good for Enterprise it is likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future," he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.