| Symantec has identified new malware targeting Google Android devices that collects personal data.
The malware, detected as Android.Exprespam, is spread through the spamming of links to fake Google Play pages. These pages are hosted on a server located in Washington.
"It is worth noting that the site actually calls itself Gcogle Play," blogged Symantec threat analyst Joji Hamada. "The domain for the website was registered on December 27 and the malicious APK file contains a signature valid from January 2."
"We have confirmed nine different app pages on this site, although the downloaded app is the same in each case," according to Hamada. "A couple of the fake app pages resemble the type of fake tools used by older malware, but most are new types of fake tools. The scammers have made available a variety of apps in the hope that it increases the chances of the apps being installed. This is a distinct ramping up of activities as older malware masqueraded at most as three apps on a site simultaneously."
The installation screen displays the permissions the malware requests, which include access to personal information, the phone state and identity and account information. Legitimate applications generally do not request these permissions, the researcher noted. Read More .. |