It seems that the rising popularity of the Android platform and its large share of the market automatically place it higher up in the rankings for malware attacks and exploitation. The most recent example is malware that is spreading through compromised versions of legitimate applications available on unregulated third-party Android marketplaces.
One of those applications is Steamy Window, and once it is installed it is really hard to tell the difference between the legitimate version and the compromised one. It is not impossible to detect, though (where there is smoke there is fire), since there are minor differences that an experienced eye can catch. By taking a look at the compromised application’s source code we can detect the added functionality, in this case the existence of Android.Pjapps, whose main purpose is to act as a bot controlled by remote servers. The code allows the installation of other applications, text messaging, or even blocking text messaging responses.
The service of the compromised application runs in the background and goes unnoticed by the user, but the information transmitted to the server during its registration may contain sensitive data such as the IMEI, Device ID, line number and Subscriber ID.
If you don’t want to get charged for text messages to premium-rate numbers, redirected to various websites or spammed, it is highly recommended to use only regulated Android marketplaces for downloading and installing Android applications, and to check the ratings and comments from users who used the application before you. Also, when the application requests permissions during installation that you think are not necessary for what the application is supposed to do, it would be wise to stop the installation.
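The permission check recommended above can be automated by comparing the manifest of a known-good copy with the manifest of a suspect copy. The Python code below is an added example, not code from Symantec or from this post; both manifests, the package name and the component names are constructed for illustration, and it assumes each APK's AndroidManifest.xml has already been decoded to plain XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions matching the capabilities described above (sending
# and intercepting SMS, installing apps, reading IMEI / subscriber ID).
# Assumption: this is an illustrative watch list, not Pjapps' actual manifest.
SENSITIVE = {"android.permission." + p for p in (
    "SEND_SMS", "RECEIVE_SMS", "INSTALL_PACKAGES", "READ_PHONE_STATE")}

# Constructed manifests: NOT the real Steamy Window or Android.Pjapps files.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application><activity android:name=".Main"/></application>
</manifest>"""

REPACKAGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <application><activity android:name=".Main"/>
    <service android:name=".BackgroundService"/>
    <receiver android:name=".SmsReceiver"/></application>
</manifest>"""

def summarize(manifest_xml):
    """Return (requested permissions, background components) of a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    comps = {(e.tag, e.get(ANDROID_NS + "name"))
             for e in root.iter() if e.tag in ("service", "receiver")}
    return perms, comps

def diff_manifests(original_xml, candidate_xml):
    """Report what the candidate requests or declares beyond the original."""
    orig_perms, orig_comps = summarize(original_xml)
    cand_perms, cand_comps = summarize(candidate_xml)
    added = cand_perms - orig_perms
    return {
        "added_permissions": sorted(added),
        "sensitive_added": sorted(added & SENSITIVE),
        "added_components": sorted(cand_comps - orig_comps),
    }

if __name__ == "__main__":
    for key, values in diff_manifests(ORIGINAL, REPACKAGED).items():
        print(key, values)
```

Any non-empty `sensitive_added` or `added_components` result for an application that should be identical to the published version is a reason not to install the suspect copy.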
Source: Symantec





