Backdoor Trojans piggyback on popular Android apps, warns Symantec

By Abhinav Lal | Published on 02 Mar 2011
Symantec has notified the mobile world that a new Android application has been hijacked, and could potentially lead to enormous SMS bills if downloaded. The latest in a series of hacked Android apps, Steamy Window is a mundane but popular screensaver application that now contains malicious code.
While the Android Market still has clean versions of these apps, Symantec says hackers are capitalizing on user ignorance and carelessness by uploading the infected applications to third-party app stores instead. According to Symantec, Chinese cyber criminals hacked Steamy Window and attached a backdoor Trojan called “Android.Pjapps” to it.
Symantec’s Vikram Thakur, a principal security response manager, has warned of what the malicious app can do once installed: install other malicious applications, edit browser bookmarks, silently navigate to web sites and send text messages. He pointed out that sending text messages from infected phones was how the cyber criminals made their money, allowing them to send SMSes to premium rate numbers, for which they get commissions. The Trojan also blocks incoming carrier/operator SMSes, potentially hiding warnings, payment and balance alerts from users.
While numerous apps before Steamy Window have received similar treatment by hackers, it is an unpleasant example of how good they’ve gotten at their jobs, apart from being a much-needed wake-up call to users to download apps intelligently, from trusted sources.
Vikram Thakur also warns that the malicious code added to Steamy Window can very easily be added to other applications, and that Symantec expects this trend of compromising legitimate Android apps to continue and grow.
He adds: “If you're hell-bent on using [unauthorized third-party app stores], look at the permissions the app requests when it installs. A [malicious] app will request more permissions than the legitimate version.”
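The permission comparison Thakur describes can be automated. The sketch below is an added example, not Symantec's tooling: it assumes both builds' `AndroidManifest.xml` files have already been decoded to text XML, and the two manifests, the package name `com.example.wallpaper` and the risk table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the behaviours the article describes.
HIGH_RISK = {
    "android.permission.SEND_SMS": "send text messages (premium-rate charges)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS, e.g. operator alerts",
    "android.permission.INSTALL_PACKAGES": "install other applications",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS": "edit browser bookmarks",
}

# Constructed manifests for a hypothetical app; not taken from any real APK.
TRUSTED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter()
        if el.tag in ("uses-permission", "uses-permission-sdk-23")
        and el.get(ANDROID_NS + "name")
    }


def compare(trusted_xml, candidate_xml):
    """Return (all extra permissions, extra permissions that are high risk)."""
    extra = requested_permissions(candidate_xml) - requested_permissions(trusted_xml)
    flagged = {p: HIGH_RISK[p] for p in extra if p in HIGH_RISK}
    return sorted(extra), flagged


if __name__ == "__main__":
    extra, flagged = compare(TRUSTED, CANDIDATE)
    for perm in extra:
        print(("HIGH RISK  " if perm in flagged else "extra      ") + perm,
              "-", flagged.get(perm, "not in the trusted build"))
```

Any permission that appears only in the third-party build deserves scrutiny; the SMS, bookmark and package-install permissions are flagged separately because they correspond to the behaviours listed above.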