Don't Go Chasing Waterfalls
www.mobilesecurity.com [London, UK] More news from Symantec’s Security Response team as another new strain of Android malware has been discovered on third-party app markets. Flora Liu provides more detail in her article on the Security Response Blog, and explains that 18 Trojanised apps have been discovered which carry the Android.Vdloader malware, and are able to extract data such as IMEI and phone numbers, details of the device that has been compromised, and a list of installed apps on that device, and sends this data to a server that collates all the information.
In addition to extracting personal information, the compromised devices appear to connect to the server, at which point they receive commands that attempt to send SMS messages and to download additional apps. It’s been noted that wallpaper depicting a beautiful waterfall may appear on the compromised devices after the threat has been installed, another sign that malware authors are attempting to disguise their true purpose by giving users the impression a genuine app has been installed.
Whilst the malware guys are still finding their feet in the Android space, this discovery serves to reinforce a message that’s as true on mobile devices as it is on Windows and other platforms. Only install apps and software that you know comes from a legitimate developer – and a trusted app market – and pay attention to the permissions that are requested by any app you install. Check the App Permission Comparison widget or our AppView site for more details on any Android app before you go ahead and install something you don't know on your device.