Symantec: Android Malware Bilks Contacts, Infects Thousands


A new Trojan horse for Android smartphones and tablets may have duped thousands of device owners into giving up their personal information and contacts, according to an analysis conducted by Symantec researchers.

Called Exprespam, the malware has been steadily infecting victims in Japan by setting up phony third-party Google Play markets. Victims are lured to the third-party mobile app stores by clicking on a link to the malicious website.

The Trojan was detected Jan. 6 and was designed to check the phone's current state, access the device's account service, open network connections and read the user's contacts data. Victims who install the app will receive two fake messages, one stating that the app is initializing and another stating that the app is not compatible with the device. By the time the app is uninstalled, the data has already been stolen.
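For defenders triaging sideloaded apps, the four capabilities listed above can be checked against an app's decoded AndroidManifest.xml. The following is an added example, not code from Symantec or the original article; the mapping of each described behaviour to a standard Android permission is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: behaviour described in the article -> standard Android permission.
PROFILE = {
    "android.permission.READ_PHONE_STATE": "check the phone's current state",
    "android.permission.GET_ACCOUNTS": "access the device's account service",
    "android.permission.INTERNET": "open network connections",
    "android.permission.READ_CONTACTS": "read the user's contacts data",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def triage(manifest_xml):
    """Classify a manifest by how closely it matches the described capability set."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(p for p in PROFILE if p in perms)
    can_read = "android.permission.READ_CONTACTS" in perms
    can_send = "android.permission.INTERNET" in perms
    if len(matched) == len(PROFILE):
        verdict = "full-match"              # all four described capabilities
    elif can_read and can_send:
        verdict = "contacts-exfil-capable"  # minimum needed to upload contacts
    else:
        verdict = "no-match"
    return {"verdict": verdict, "matched": matched}

HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">'
PERM = '<uses-permission android:name="android.permission.%s"/>'

# Constructed samples: one requesting the full set, one ordinary camera app.
SAMPLE_SUSPECT = HEAD + "".join(PERM % p for p in (
    "READ_PHONE_STATE", "GET_ACCOUNTS", "INTERNET", "READ_CONTACTS")) + "</manifest>"
SAMPLE_BENIGN = HEAD + "".join(PERM % p for p in ("INTERNET", "CAMERA")) + "</manifest>"

if __name__ == "__main__":
    for label, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        result = triage(xml)
        print(label, result["verdict"])
        for perm in result["matched"]:
            print("   ", perm, "->", PROFILE[perm])
```

Manifests inside an APK are stored as binary XML, so the file has to be decoded (for example with apktool) before it is passed to `triage`. Many legitimate apps request some of these permissions, so a match is a prompt for closer review rather than a verdict.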


Symantec threat researcher Joji Hamada estimates that the phony websites were visited thousands of times. While the number of Trojan infections was lower, they resulted in the theft of a lot of personal data, according to Hamada, who wrote about the Android malware in a Symantec blog post.

"I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information," wrote Hamada.

Security experts have been warning about the rising amount of mobile malware, which mainly targets Android devices. So far the attacks have been limited to specific locations such as Asia and Eastern European countries. But a recent study conducted by B2B International and Kaspersky Lab found that enterprises are worried that mobile threats could have an impact on business.

Exprespam is the third in a line of phony mobile applications that Hamada and other researchers believe are coming from the same cybercriminal gang. Dougalek, an Android Trojan that masquerades as a video, duped thousands into giving up thousands of contacts. It was suspected of stealing data from more than 90,000 devices. Meanwhile, the Ackposts Android malware lures victims by promising better battery life.

While Android malware is dominated by SMS Trojans, which are designed to rack up premium text message charges, phony apps such as Exprespam are designed to steal data that could be used for other nefarious purposes. Symantec warns users to only open links and attachments from users they trust and to avoid third-party mobile app stores, where malware infections are more common.

PUBLISHED JAN. 22, 2013