A new piece of malware, dubbed FireLeaker, has been found by NQ Mobile’s Security Research Center. Unlike other types of malware, which send premium-rate SMS messages or install a keylogger to try to steal passwords and banking information, FireLeaker wants your contacts and system information.
FireLeaker collects your contacts and then uploads them to a remote server. The precise reason for this data theft isn’t yet known, but most likely the information will either be sold on to e-mail spammers, who will bombard people in your address book with all kinds of unsavory and strange offers, or be used by SMS spammers, who will send phishing and spam text messages directly to those in your contacts.
The NQ Mobile team hasn’t published which apps it saw infected with the malware, but says it comes “disguised as a widget” that silently collects “information from your contacts and uploads them to a remote server.” FireLeaker also collects device information, such as your IMEI and service provider name.
Once all the data is collected, the malware starts to upload its harvest to a remote server. To avoid being spotted, FireLeaker uses a timer to connect to the server every four minutes. According to NQ Mobile, the server address starts with 91.230, an address range used almost exclusively in Russia.
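A detection sketch for the behaviour described above, added here as an example and not code from NQ Mobile or the original article: it scans connection logs for devices that contact the 91.230 range at a steady four-minute interval. The log format, the sample lines, the /16 reading of "starts with 91.230", and the jitter tolerance are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean

# Assumption: "starts with 91.230" is read as the prefix 91.230.0.0/16.
SUSPECT_NET = ipaddress.ip_network("91.230.0.0/16")
BEACON_PERIOD = 240  # seconds: the four-minute timer reported by NQ Mobile
TOLERANCE = 15       # assumed allowance for timer and network jitter
MIN_CONNECTIONS = 4  # assumed minimum before a pattern counts as periodic
# Constructed sample log, one "epoch_seconds device destination_ip" per line.
SAMPLE_LOG = """\
1000 phone-a 91.230.0.10
1100 phone-b 91.230.0.10
1130 phone-b 91.230.0.10
1200 phone-c 203.0.113.5
1241 phone-a 91.230.0.10
1440 phone-c 203.0.113.5
1479 phone-a 91.230.0.10
truncated-line
1720 phone-a 91.230.0.10
2900 phone-b 91.230.0.10
3000 phone-b 91.230.0.10
"""

def parse(log):
    """Yield (timestamp, device, ip), skipping malformed lines."""
    for line in log.splitlines():
        try:
            ts, device, ip = line.split()
            yield int(ts), device, ipaddress.ip_address(ip)
        except ValueError:
            continue

def find_beacons(log):
    """Map (device, ip) to mean interval for periodic traffic to SUSPECT_NET."""
    seen = defaultdict(list)
    for ts, device, ip in parse(log):
        if ip in SUSPECT_NET:
            seen[(device, str(ip))].append(ts)
    hits = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= MIN_CONNECTIONS and all(
                abs(g - BEACON_PERIOD) <= TOLERANCE for g in gaps):
            hits[key] = mean(gaps)
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

In the sample, only phone-a is flagged: phone-b reaches the same range at irregular times, and phone-c talks to an address outside it.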
Although the existence of such malware is disturbing, there are simple steps every Android user can take to decrease the chances of malware infection:
- Most (like >99%) malware-infected Android apps are distributed via untrusted third-party app stores. Only download apps from trusted sources and well-known stores like Google Play and the Amazon Appstore. Always check reviews and user comments before downloading anything.
- Closely watch which permissions are requested by any app. An app shouldn’t request permission to do more than it reasonably needs. For example, games hardly ever need to send SMS messages.
- Download a security solution for your device.