The Inquirer-Home

Criminals step up Android malware attacks

The Roar of the Pharaoh packs a hidden Trojan
Thu Mar 29 2012, 12:20

SECURITY EXPERTS warned today that criminal groups are stepping up efforts to target Android mobile owners, after the discovery of a Trojan that harvests personal data before sending SMS messages to premium-rate phone numbers.

The latest malware to be detected purports to be a legitimate Chinese game called The Roar of the Pharaoh, but it packs a hidden Trojan called Andr/Stiniter-A.

This Trojan, according to researchers at Sophos, is "rather unusual" in that it does not request any specific permissions during installation, which should be a dead giveaway for tech-savvy users.

Sophos reports that the Trojan infected version is being distributed on unofficial download web sites and is proving popular, since the genuine game is not distributed on Google Play.

After an unwary Android owner has installed the "game", the malware harvests information such as IMEI number, phone model, screen size, platform and phone number. It also records the platform and OS version. This data is sent to the malware's authors.

"Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well," Sophos reported.

"Criminals love the free money laundering service provided by mobile phone providers. They can setup premium rate SMS numbers in Europe and Asia with little difficulty. The mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges."

To make detection harder the Trojan runs as a service named "GameUpdateService". µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Coding challenges

Who’s responsible for software errors?