Android has been growing in popularity at an exponential rate, taking over market share in most (if not all) major markets around the world. Unfortunately, such incredible popularity has a downside as well, making Android one of the most targeted operating systems in 2012, with a malware growth of over 580%!
Android 4.2 includes some new malware protection features, and Google is continuously implementing changes to Play Store security, but sometimes something slips through the crack, and that is what happened with a new malicious app found on the Google Play Store called “DroidCleaner.”
In a blog post, Kaspersky Lab Expert Victor Chebyshev described in detail the discovery process and the threat presented after someone downloads and runs the DroidCleaner app. This particular app has a long list of “features,” most creative of which include the fact that the app downloads a Trojan Horse onto your PC when your phone is connected to it via USB, which can then use your PC microphone to listen to your conversations, encrypt the files and send them back to the master’s server.
If that wasn’t dangerous enough, here is a list of other “abilities” this particular malware boasts of:
- Sending SMS messages
- Enabling Wi-Fi
- Gathering information about the device
- Opening arbitrary links in a browser
- Uploading the SD card’s entire contents
- Uploading an arbitrary file (or folder) to the master’s server
- Uploading all SMS messages
- Deleting all SMS messages
- Uploading all the contacts/photos/coordinates from the device to the master
We’ve always recommended downloading apps only from the Google Play Store since it is far safer than most other app sources. Now, we’ll have to further restrict that recommendation to downloading apps that have a high download count and are from trusty developers. We’ve seen an Eset report stating that the number of malicious apps for Android will grow even faster than last year and will also be more creative and I’m guessing that DroidCleaner is just the start.