mobilesecurity.com [Sydney, NSW] Joji Hamada blogged recently about an Android app featuring Anaru, the famous Anime character, that was being used to steal contact details from smartphones. At the time the app seemed to be in a testing phase, but the creators appear now to have moved to the next level and are actively enticing Android users to install the app.

Although the app has not changed since Joji’s previous blog, the Anaru malware, which Symantec detects as Android.Maistealer, is now hosted on multiple, dedicated websites that resemble Google Play. The app is not available on Google Play, only on these dedicated websites.

The app works as advertised when downloaded and installed, and so there’s no obvious reason to suspect that personal data had been stolen. However if the user pays close attention to the installation screen, they may notice that by installing the app it gives permission for it to read contact data. There’s really no need for this feature in order for this type of app to work.

Joji goes into more detail in his piece on Symantec’s Security Response blog, including how the authors use a dedicated website to distribute their Anaru app and how the same group also created a fake battery saver app called EnergyHelper1, which attempts to entice Android device owners frustrated by their device’s short battery life to download the app.

On mobilesecurity.com we recommend Android users to be cautious of suspicious emails, and when downloading apps, only visit established and trusted app markets. To further protect your device, always check mobilesecurity.com’s AppView section to see whether the app you’re downloading has suspicious tendencies – and look closely at the permissions required before installation, as these often reveal the app developer’s true intentions.