Android Trojan Records And Answers Incoming Phone Calls

Tagged: , , , , ,

Beware of the latest android trojan application:

When will Google wake up to malware in its marketplace? The newest Trojan that is currently masquerading as a Google+ application has the ability to record your calls, answer your phone and execute remote commands via SMS to the handset, sounds scary?

The Trojan known as ADROIDOS_NICKISPY.C displays a Google + icon on your phone and is installed under the name Google++, like most android Trojans we have reported on, the variant in the name is pretty small and many would not suspect a thing before downloading and getting infected.

NickiSpy strikes again:

Android Trojan
Android Trojan

The online security experts Symantec have detected a new variant of the nickispy malware that could record calls, although according to Irfan Asrar analyst at Symantec security response, it was noted that the third party application would need physical access to your handset to retrieve the recordings.

Trend Micro’s Balanza says:

“What makes this particular variant different is that it has the capability to automatically answer incoming calls,”

So how does this trojan actually work?

Basically what happens when you receive a call is that the latest nickispy variant will intercept your incoming voicecall and once detected from the remote control number contained within the configuration file, the trojan has the ability to then put your phone on silent though it is noted that your phone needs to be in a rest state i.e the screen be turned off for it to work and the current screen be set to the homepage and not to display information about the incoming call, a fairly common set up I imagine.

Call intercept only works on older android phones:

According to Balanza in versions 2.3 + the android OS has modify_phone_state permission disabled which means that only 2.2 and earlier are susceptible to this part of the trojan.

What other services does this trojan access?

This trojan has the ability to gather GPS location data, text message and call logs, and can then with the aid of port 2018 transmit this data to a remote server.

The trojan actually has access to 19 separate services, with the ability to access alarms, read and send SMS messages, and lock your keypad.

Android users 2.5 times more likely to be infected that 6 months ago, with hundreds of thousands now reporting issues. A massive leap from 12 months ago.

“Attackers are deploying a variety of increasingly sophisticated techniques to take control of the phone, personal data and money,”

Alexandru Balan, senior product manager at BitDefender said:

“The Android platform’s popularity with developers and users makes it a prime target, both for thieves looking to steal devices and for those wanting to exploit it through malware and scams,”

Installing security applications

McAfee have recently teamed up with Sprint in the US to give there users easy access to mobile security to prevent users unknowingly downloading infected applications.

This seems like such an unnecessary shame when the whole issue could be resolved by simply having a more stringent vetting procedure in the android marketplace like Apple adopts. Is Google investing in security companies like the rumour that Microsoft did to capitalise on purposely shoddy holes in their operating system?

Security choices

A couple of worthy contenders to consider are webroot and bitdefender. Both have good reputations and keep getting updated to ensure they are ahead of the curve when it comes to offering some form of warning and hence protection against dodgy applications that keep becoming more and more prevalent in the damned android marketplace. Google for the third time wake up please! Your reputation is at stake here. It is no good buying patents and manufacturing prowess if users find your operating system sucks and dangerous!

Anthony Munns