The latest malware targeting users of Android devices is trying to lure victims into downloading an app called Infrared X-Ray, and is spreading quickly by tapping into victims' contacts and spamming them with SMS messages.
The new SMS Trojan was analyzed by Symantec researchers in Japan. Rather than sending out text messages themselves, the cybercriminals behind the campaign are using a malicious application to tap into the victim's contacts, wrote Joji Hamada, a Symantec threat researcher, in the company blog.
"This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender," Hamada said.
The app steals all details in the device's contact list. "Not surprisingly, the app does not work as per advertised and a picture of man holding up his middle finger stating that the victim is a pervert is displayed," Hamada wrote.
Several variants of the malware exist and some versions attempt one-click fraud, Hamada said. Victims are given details about pornographic websites while their contact information is uploaded to a remote server. The app attempts to charge a registration fee and threatens to send a message to every person in the victim's contact list if the fee isn't paid promptly.
"In order to make it difficult for the victim to uninstall the app, it removes itself from the launcher after it is initially executed, although it can be removed in Applications under Settings," Hamada wrote.
SMS Trojans are among the most virulent threats on Android devices, according to studies provided by security firms. A recent mobile threat report issued by antivirus vendor F-Secure found that nearly 80 percent of all mobile malware targeted Android devices in 2012, primarily driven by malicious apps in third-party app stores.
F-Secure warned that malware authors are developing more sophisticated attack techniques for mobile devices, using encryption and randomization or hiding malicious code in image files. Malware also was discovered on bootleg copies of the Angry Birds game, the firm said.
"Over the year, Android threats have continued to improve their techniques in evading detection and their methods of infection, yet nothing much has changed in their operation in collecting profit," F-Secure said. "The majority of malware discovered in Android markets are SMS-sending malware that reap profit from sending messages to premium numbers."
Symantec's Hamada said all device owners should refrain from clicking links in unexpected emails and SMS messages, and should download apps only from trustworthy sources.
PUBLISHED MARCH 18, 2013