By Alexandra Burlacu | May 11, 2013 01:32 PM EDT
Security researchers found a new piece of Android malware on Google Play: a downloader that fetches a spyware app to monitor texts, call logs and location.
The authors behind the malicious code apparently disguised it as font-installing apps. An application that claims to legitimately download more content can bypass Google Play's security systems and spread malicious code.
Security firm Webroot identified the threat as "Android.TechnoReaper" and points out that it is quite cleverly disguised. The apps don't seem too popular, but the risk exists.
"Once you install the app, it looks like a nice app used to install new fonts on your phone," notes the security firm. "Everything looks legitimate, but if you look in the code you'll see you could get more than you bargained for."
The issue proves yet again how important it is to have human approval for apps before making them available in an app store. Each feature must be thoroughly tested, as cleverly disguised malware is on the rise.
The two apps Webroot identified as malicious are still available on Google Play. The first one has fewer than 100 downloads, while the second has between 10,000 and 50,000 downloads. By Android's standards, that's hardly popular.
It remains unclear at this point whether more similar apps are available. One could easily modify such apps claiming to add fonts or other content. While fonts may not be so popular, the potential install base for malicious apps claiming to push music, videos or games would be considerably larger. Code authors could also modify what these apps download by simply plugging in a different URL.
The malicious apps found on Google Play download spyware called iKno Android Spy. The app claims to allow users to view incoming, outgoing and draft SMS by logging in to their web portal, enjoying quick synchronization and having all messages forwarded to their account. The same goes for call logs - users can forward all incoming, outgoing and missed calls to their registered account and view the call number, call time and duration. In terms of location services, users can find the exact location of the device they are monitoring and they can even request the device to send them the location details on their online account and view those details via a map.
It remains unclear whether iKno Android Spy actually does everything it claims to do or whether it also sends the data to a third party. If another app is downloading it, for instance, users no longer have control over what iKno is doing.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.