By Armando Orozco
Are Android phones susceptible to Trojans and other viruses just like computer? How can you make sure your phone doesn’t become infected and if it does, what can you do? Webroot mobile threat research analyst, Armando Orozco answers this question that was asked to our Webroot Threat Research team via Twitter.
By Andrew Brandt
Most of yesterday, Threat Research Analyst Armando Orozco and I took a closer look at a piece of malware discovered by a university security researcher, Xuxian Jiang of North Carolina State. The malicious code, which the malware creator named Plankton, is embedded into a number of apps that were briefly posted to Google’s Android Market earlier this week, then rapidly pulled down after the researchers informed Google of their initial findings.
The Plankton code appears in a number of applications that were all focused on the popular game series Angry Birds. Some of the samples we looked at came as Android apps with names like Angry Birds Rio Unlocker v1.0, Angry Birds Multi User v1.00 or Angry Birds Cheater Trainer Helper V2.0.
When executed, the program displays the following text on the screen:
Welcome!
Simply click on the button below to unlock ALL levels in Angry Birds Rio. This will not delete your scores but might change the number of pineapples and bananas you have
None of the programs function as advertised. Instead, the malicious apps install additional code into the Android device into which they’re installed. These additional functions provide remote access and control of the Android device to, presumably, the distributor of the malicious apps, whose identity remains unknown at this time.
By Andrew Brandt and Armando Orozco
A Trojaned application that displays a cutesy image of a 2011 calendar on an Android device’s desktop comes with a nasty surprise: The app sends text messages to a premium service that charges the phone’s owner money.
As first reported by the Taiwan-based AegisLab, a single developer, which went by the name zsone, published the apps to Google’s Android Market. All apps from that developer were pulled from the Market today by Google, though only some of them appeared to contain the undesirable code.
We took a closer look at one of the apps, called iCalendar, that AegisLab was kind enough to share with us, and it didn’t take long to find the malicious code inside. Fortunately for most non-Chinese Android users, the premium numbers reportedly only work within China. We’re still testing to make sure that’s correct.
