Malware spammers target Android OS

News

Malware spammers target Android OS

Caroline Baldwin

Google's mobile operating system (OS), Android, has been targeted again by malicious malware, which causes the device to send out spam SMS messages.

The infected malware, known as SpamSoldier, has been hiding in free versions of popular Android games, such as the chart-topping Angry Birds, according to security company, Cloudmark.

Android OS handsets that had installed the infected trojan would connect to a command and control (C&C) server, which then replies with a list of phone numbers and a message to deliver. The application would then send out thousands of spam messages to encourage people to download the same app by offering free apps and even gift cards.

The text messages offering gift cards stage an attempt at monetising the attack by tricking users into giving over personal information.

Andrew Conway, security research at Cloudmark, said this type of malicious mobile application was new, yet an unsophisticated attack. But he said this sort of attack changes the economics of SMS spam, because the spammer doesn't have to pay for the messages that are sent.

"Now that we know it can be done, we can expect to see more complex attacks that are harder to take down," he said.

The trojan mobile applications were downloaded from sites on a server in Hong Kong offering free games, not through the Google Play Store. 

The Google Play Store has suffered this year from a string of attacks.

In August, Google introduced stricter rules for applications on its Android mobile OS to reduce the number of malicious apps in the Google Play app market and improve its reputation.

Mobile operator, Orange, has announced it is to pre-install security software on most of its Android OS handsets in 2013.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy