April 15, 2011
The Android.Spy malware family targeting Android became well known in autumn 2010. In addition to retrieving and modifying contacts and short message information, sending SMS, and positioning, Android.Spy can also set themselves to be launched automatically. Some variations can also be loaded when the smart phone is turned on, but their purpose is to collect the smart phone's ID information, set certain search parameters in the search engine forms and to open links.
The new Android.Spy modification was discovered by Doctor Web's analysts on April 12, 2011. On the same day it was added to the Dr.Web virus database. For now only Dr.Web detects this piece of malware. It is worth mentioning that malicious programs for Android appear with increasing frequency. Only two weeks ago a new version of SMS Trojan Android.SmsSend was discovered.
Android.Spy.54 was found on the Chinese Internet resource www.nduoa.com — a web-site offering a collection of applications for the Android platform. The Trojan horse was the part of the program Paojiao - the widget, allowing users to make calls or send SMS to selected numbers. Spreading with a legitimate program is a standard model for the malware family Android.Spy.
The new modification of Android.Spy registers a background service, which connects to a malicious site and sends to criminals the victim's identity information (such as the IMEI and IMSI). In addition, the Trojan horse downloads an xml-file containing commands that make it start sending spam SMS from the compromised device and add certain sites to the browser bookmarks.
If a program unexpectedly requires additional privileges for its operation, it indicates that the application you are installing incorporates malicious features. For example, if a genuine game only needs access to the Internet, an infected version will ask for higher privileges. If you know that an application that caused your concern, is not supposed to work with SMS, calls, contacts, etc., it is not recommended to install it. In addition, to protect your smart phone, you can use Dr.Web for Android, available for download from the Android Market and Doctor Web's site.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.