Android Worm Going Mobile

Friday, May 2, 2014 @ 06:05 PM gHale

A new piece of mobile malware, designed to infect Android mobile devices and carry out Trojan-like attacks is starting up in Russia, but could be crossing boarders pretty soon, researchers said.

“Android/Samsapo.A,” shares a characteristic similar to many worms – it spreads itself through automated systems, said researchers at security firm ESET. The automated process, in this case, is SMS messages.

Patched Router Not Really Patched
Backdoor Found in Routers
Innominate Fixes Heartbleed Hole
Weak Routers Bring DNS DDoS Attacks

Upon infection, the worm accesses and shoots out SMS messages to everyone in the victim’s contact list. The message it sends asks, “Is this your photo?” in Russian and contains a link that, when pressed, asks users to install the downloaded malicious APK file.

“It is not known how the first domino piece was set into motion, but the SMS spreading is the most interesting feature of this malware,” said Robert Lipovsky, a malware researcher with ESET. “It’s rather uncommon, since Android Trojans usually spread by masquerading as [sometimes cracked] legitimate apps.”

The worm is able to download malicious files from specified URLs, upload information on the mobile device to a remote server, register the phone number into a premium SMS service, block phone calls, and alter alarm settings, according to the post.

Although the worm can end up spotted as a running service on the device, ultimately, the malware can conceal itself by providing no graphical user interface, as well as no application icon, Lipovsky said, adding the best chance to spot it and stop it is during installation.

So far this is only in Russia, but it is quite likely to make its way to other countries, researchers said.

Leave a Reply

You must be logged in to post a comment.