Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

New Android Malware Steals Personal Data

Symantec has identified new malware targeting Google Android devices that collects personal data.

The malware, detected as Android.Exprespam, is spread through the spamming of links to fake Google Play pages. These pages are hosted on a server located in Washington.

Symantec has identified new malware targeting Google Android devices that collects personal data.

The malware, detected as Android.Exprespam, is spread through the spamming of links to fake Google Play pages. These pages are hosted on a server located in Washington.

“It is worth noting that the site actually calls itself Gcogle Play,” blogged Symantec threat analyst Joji Hamada. “The domain for the website was registered on December 27 and the malicious APK file contains a signature valid from January 2.”

“We have confirmed nine different app pages on this site, although the downloaded app is the same in each case,” according to Hamada. “A couple of the fake app pages resemble the type of fake tools used by older malware, but most are new types of fake tools. The scammers have made available a variety of apps in the hope that it increases the chances of the apps being installed. This is a distinct ramping up of activities as older malware masqueraded at most as three apps on a site simultaneously.”

The installation screen displays the permissions the malware requests, which include access to personal information, the phone state and identity and account information. Legitimate applications generally do not request these permissions, the researcher noted.

“Once installed and opened, the malware informs the user that the app is incompatible with the device,” Hamada noted. “However, personal data is sent surreptitiously to a server.”

Unlike other types of malware, it uses Secure Sockets Layer (SSL) protocol to upload the information that it steals so that it is encrypted.

“So why would the creators go out of their way to do encrypt the stolen information? It is only speculation on my part but perhaps it may be in order to make it look like they were taking measures to protect the collected data in the same manner as a responsible business,” the researcher blogged. “It is possible that the malware author(s) may use this in their defense if they are ever arrested.”

Advertisement. Scroll to continue reading.

Hamada urged consumers to think twice before clicking on links in emails they receive from unknown sources.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.