Google Play is usually regarded as a safe place from where Android users can download applications without having to worry about malicious code or other security threats. Even when the app in question asks for some strange-looking permission, we tend to stray away any bad thoughts because theoretically, there is no way an official market overseen by experienced developers could be infected. But that’s not always so.
Webroot, a security company well-known for its mobile and business protection solutions, has discovered a rather new kind of Android malware hidden in plain-sight. Officially named Android.TechnoReaper, the threat hides under several “legit” Android apps, which supposedly allow users to deploy several font types not usually found on their smartphones. As it turns out, users would get a lot more than they bargained for.
The whole concept is rather simple actually. When the malware was discovered, there were two Android applications that supplied fonts as a cover-up. While users agreed to download and install a simple font right from the menu of the software, the actual download would redirect the link towards a spyware app, hosted on a private server. Thus, without their explicit permission, users would indeed install the desired font but also, a dangerous program.
The malicious file in question is called ikno.apk and it’s a package apparently containing the iKno Android Spy as The Next Web says. iKno Android Spy cannot be found on Google Play but can be installed from Amazon. Officially, people could use this type of software to monitor another Android remotely. In short, here’s what the spyware is capable of pulling:
Now imagine all of this happening without your knowledge. Once the spyware is installed, administrator access is probably granted to another supervisor and sensitive data of any nature may be re-directed to an online server. As paranoid as it sounds, this kind of application can squeeze almost any password or private information users wish to keep secret.
The worst part is that the entire process happens without the user suspecting anything. Once the application posing as the Trojan horse is installed and one font is applied, it takes around 10 seconds for the spyware to arrive and take advantage of the host.
At the moment of writing, the two infected applications were removed from Google Play but we managed to learn that the number of infected users were between 10,000 and 50,000, while the other one got under 100 downloads.
The malware situation seems to be getting worse each year, with more Android devices being targeted than any other platform. New kinds of infections appear frequently and even when the original app gets demolished, its idea can be transferred and implemented into newer software. As always, the only barrier standing between devices and malicious threats is a good antivirus, checkout our list of the best android antivirus apps.
Like this post? Share it!
Why is the URL censored, as if they deserve some kind of privacy?
It should be to stop evil minded minded ppl to download them and do more with it.
I’d love to know the permissions the malware has. I assume one of the permissions is installing an apk without user interaction.
Also: “As always, the only barrier standing between devices and malicious threats is a good antivirus.” Frankly, I still stand by the notion that if you’re smart about what you install, read permissions, reviews, and so forth, and use a little common sense, you’ll be good. Antivirus software often flags a lot of legit apps with false positives, too.
I found this app, seems to have questionable permissions. Does any know what this could be used for?
I noticed it says “FIND ACCOUNTS ON THE DEVICE” and “TEST ACCESS TO PROTECTED STORAGE”.
It’s Apple trying to sabotage Android I tell you :p
Yea yea and Steve Jobbs isn’t really dead and he’ll return like the Christ and rule the world once again with his evil malware attacks :D
yea yea android is most secure system in the world
how hard is it for google to setup a team that can monitor these “target” apps ? wallpapers/ fonts/ sexy ladies/ are all least common denominators for trouble.
also, like @wonshikee mentioned, why are they being given any kind of privacy?
I’d like to know why Google isn’t locking down the apps store and *forcing* developers to PROVE that there is no malware. This is probably the only area that Apple excels in. Maybe they ain’t perfect, but I don’t hear a lot about Apple’s phones being full of malware.
If Apple pre approves apps, Google should. They really need to catch up.
Yes, but then it wouldn’t be as open.
It would, as long as we are able to intall apps from sd.
Now lets just wait and see How long it takes Microsoft to use this for some sort of advertising again :P
Hmm, is Android heading in the Windows direction when it comes to malware and trojans? With so many Android devices (all using different versions of the Android OS), it’s bound to be targeted because there’s a bigger chance of catching something. Wait a minute… isn’t this the same problem Windows has? ;-) As long as you’re careful, you probably won’t download anything bad.