Researchers have uncovered a new Google Android Trojan that poses as a legitimate application to unleash a botnet onto an Android device to steal data and manipulate device function.
Security vendor Symantec recently noticed an increase in malware targeting Android's platform, which has become a go-to mobile platform for smartphones and tablets. And in a security alert issued Monday, the company warned of the new Android.Pjapps Trojan, which is spreading throughout Android via altered versions of legitimate applications hosted on unregulated third-party Android marketplaces.
The discovery comes as mobile device security threats attract cybercriminals and Google Android becomes a prime target. It also follows the recent discovery of a pair of other Google Android security threats, including Android.Adrd and Android.Geinimi.
"Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed," Symantec wrote in a blog post highlighting the Android.Pjapps Trojan. However, during installation it is possible to identify the malicious version by the excessive permissions it requests. The images below show the installation process of a clean Steam Window application and a malicious one.
The Android.Pjapps Trojan, Symantec said, "masquerades itself as a popular 'Steamy Window' app [an app that mimics steam on the device's screen that can be wiped off with a finger swipe]. The legitimate features of the original app are still present in the malicious version, but it also features additional functionality that allows an attacker to build a botnet. Among other things, it is able to install applications, navigate to Web sites, add bookmarks to the user's browser, send text messages and block text message response. IT also sends sensitive user information back to the attacker."
Symantec said the Android.Pjapps Trojan could be designed to peddle ad campaigns and to obtain benefits from the use of third-party premium rate services at the Google Android user's expense.
To protect against threats like the Android.Pjapps Trojan and to avoid being victimized by Trojanized Google Android applications, Symantec offered a host of tips. According to Symantec, users should only use regulated Android marketplaces for downloading and installing Android apps; adjust Android OS application settings to stop the installation of non-market apps; and review other users' comments on the marketplace to assist in determining if an app is safe.
Symantec also suggested that during the installation of Android apps, users should check the access permissions being requested for installation. "If they seem excessive for what the application is designed to do, it would be wise to not install the application," Symantec said.
Lastly, Symantec said Google Android users should leverage mobile security tools that prevent the download of malicious apps and utilize mobile management tools to ensure devices are compliant and free of malware.
