Android users are being warned to check the source of any free apps they download, after it was discovered that fraudsters were cloning popular games and embedding them with a Trojan horse.
Users are being enticed to download the apps by being sent a random text message that has a download link embedded. After the app has been downloaded, it accesses the phone contacts list on the handset, and starts to send out thousands of junk SMS.
The threat was discovered by security company Cloudmark, and has also been picked up by Lookout Security. The threat has been dubbed 'SpamSoldier', and the primary method of transmission is via SMS.
The Trojan horse has been found hidden in popular titles such as Angry Birds Space and Need for Speed. The threat was first noted in October, and is spread under the guise of multiple titles from a server based in Hong Kong.
It has been noted that the attack is fairly simple and unsophisticated in its implementation, however it is effective, with users who have been infected ending up having thousands of texts sent from their phone.
As with most malware, the apps are not downloaded from the Google Play Store, but from third party sites. Whilst apps from third party sites can be perfectly fine to download, more care is needed to prevent inadvertently downloading infected games and apps. Generally downloading apps from unsolicited text messages should always be avoided, as should downloading 'free' apps that are usually paid for.
As well as sticking to recognised app stores, it is prudent to have a recognised security app installed on your device, that can scan apps before they are installed and warn of malware. Always check the permissions requested by an app before installing it, and if you are unsure, don't install it.
No comments:
Post a Comment