A malicious application that conceals spyware and GPS tracking behind a mobile phone game has been discovered in the Android app store.
The GPS SPY application uses a game called 'Tapsnake' as a front for its mobile spying tool. The game is installed by a third-party with access to the handset of someone they want to spy on. When the GPS function of the game is enabled using a keycode given during installation of GPS SPY, geo-location data is then extracted via the game. Once enabled, it cannot be exited, sending GPS location data every 15 minutes to report the location of the phone and user,
Mikko Hypponen, chief research officer for web security firm, F-Secure, said: "The spy has to have physical access to the phone he wants to spy on. It could be used in the instance of a jealous wife installing a game on her husband's phone and then tracking him to see where he's going," he added.
IDC and other market research companies have noted Android-based devices are experiencing the highest growth in sales among smartphone manufacturers. As a result, the amount of malware targeting the platform is expected to rise. A text-based Trojan was reported to have hit a number of Android devices last week.
The open-platform model of Android's app store, Market, is causing increasing concern. "It's important to make people aware that stuff like this is going on. Google will do what they can. But it's an open platform and impossible for them to keep everything out," said Mikko Hypponen. "The game has had a few thousand downloads. Those who just found the game [in Android's app store] and thought it was a normal game are not at risk but should still get rid of it," he said.
Hypponen expects Google to remove the application from the marketplace. "It's still available but I guess it won't be for long," he added.
GPS SPY application is a mobile spying tool and costs $4.99 on Android Market.