SECURITY RESEARCHERS have uncovered Android malware that claims to help you out by removing Carrier IQ spyware and unlock hidden functions.
Symantec and F-Secure have released details of scams in which users are tricked into downloading and using an app or web site to supposedly remove or unlock content. They have identified two such Trojans that instead send text messages to premium rate phone numbers.
Symantec said, "From our analysis, Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number."
This first Trojan gets to work when the user presses an uninstall button in the app and it sends four text messages to a premium rate number then starts an uninstall sequence to remove the app.
The second threat is a fake and malicious Russian Android market, which claims to scan your device for possible errors and new features that the vendor has hidden. A download link once the scan is complete gets a file that sends text messages to a premium rate phone number.
F-Secure said, "The idea is that the manufacturers would then earn money through an OS update that unlocks the hidden features. This site claims to check your phone for such hidden features and unlock them."
Mikko Hypponen at F-Secure tweeted:
Criminals have turned to mobile malware due to the recent increase in the adoption of smartphones. However, it is unclear whether these types of threats will reach the level of significance associated with desktop malware.
"With all the bold predications being made about the state of the mobile threat landscape in 2012, one can be forgiven for being little sceptical about their significance. But to any sceptics out there, I can assure you some concerns, such as this threat, are not without merit," said a researcher at Symantec. µ
Sign up for INQbot – a weekly roundup of the best from the INQ