by Gary Sims, 1 year ago
Two recent bits of research have unearthed some nasty malware that targets Android devices. The first is a variant of the DroidKungFu malware which uses known Android exploits to root the victim’s device and install…
Android’s security issues are well-known, documented and much debated, but even with the introduction of a new “Bouncer” system, the number of malicious apps in Google Play doesn’t seem to be dropping.
The latest malware app to be discovered is called (or rather was called) “Find and Call” and has already been removed from Google Play. What’s interesting is that the spam-sending app managed to make its way to iOS as well, a platform that has been praised as much more secure than Android.
In fact, the discovery of “Find and Call” in Apple’s App Store can be called iOS’ biggest security vulnerability ever, and it calls into question what many thought to be the best designed and organized malware interception system.
“Find and Call” was spotted by the good lads from Kaspersky Lab (who else?), who were notified about a “suspicious” application by MegaFon, one of the most important Russian mobile carriers. After analyzing the app, the security experts from Kaspersky came to the conclusion that this was a Trojan that uploaded its users’ phonebooks to remote servers.
After stealing the contacts, “Find and Call” used the respective phone numbers to send spam messages encouraging people to click on a URL and download the same app. As “innocent” as that might sound for Android users who’ve been dealing with much more serious security glitches in the past, this was still a malicious app that sent text messages without users’ permission to people they knew.
Moreover, the messages that the app sent appeared to recipients as sent from their friends’ phone numbers, which made “Find and Call” a very devious, deceptive and even dangerous app. Aside from phone book contacts, the app also stole e-mail addresses of registered users and uploaded GPS coordinates to the same servers used to host spam-targeted phone numbers.
It’s also worth noting that the “Find and Call” app advertised itself as a “tool for aggregating and simplifying contacts”, giving its users no warning of any plans to fish out their phonebook contacts and use them for spam-spreading purposes.
As far as we know at this time, “Find and Call” was only available in Google Play in Russian, so it’s safe to assume that not many users were affected. What’s worrying, though, is that several users had reported the app as malicious during the last few weeks, and it had very poor user reviews and many comments discouraging other people from downloading it. Google nevertheless failed to start an investigation of its own into the app’s purposes, and Kaspersky’s intervention was needed before “Find and Call” could be banned.
As usual, Kaspersky’s efforts didn’t stop once the app’s malicious behavior was found, and the security team tried to discover who was behind “Find and Call”. After a short investigation, they got hold of a Singapore-based company named “Wealth Creation Laboratory”, whose director, Sergey Bogatyrev, denied any connection with the app. Bogatyrev had no reasonable explanation for why the app’s payment account led to his company, but then again you wouldn’t have expected him to admit he designed the spam-spreading “Find and Call”, would you?
No matter how small an intrusion such an app seems to you, you should understand that a spam-spreading application can become more dangerous in time and can cause you serious headaches by stealing more than your contacts’ phone numbers.