The recent launch of iOS 8 saw millions of people upgrading their iPhones' operating systems (and many failing to have enough available memory to do so). It's a bit more complicated for Android users, who get their updates from Google, device manufacturers, and their wireless providers. This week, Malwarebytes shows us a malicious Android app that takes advantage of that confusion by disguising itself as a software update for your Android.
Fake Update
On its own, the malicious app isn't capable of rooting your phone. But Malwarebytes explains that it does check to see if your phone is rooted. If it is, it takes advantage of root tools and commands to operate with escalated privileges.
What can it do with those enhanced powers? Monitor incoming calls, for one, in addition to text messages. It can also send text messages without your permission. Getting control of text messages and calls is scary from a privacy perspective, but it has far-reaching consequences for security. If an attacker can manipulate your texts, he can sign you up for premium SMS numbers that add charges to your wireless bill and line the attacker's pocket (or the pockets of the attacker's affiliates).
When banks and other institutions need to provide an additional layer of security, they sometimes use SMS messages to send two-factor authentication codes. We've seen some cases where advanced Android malware works with PC malware to steal bank logins without victims being the wiser. However, we can only speculate how the malware authors use these powers.
Lastly, Malwarebytes told SecurityWatch that the fake update app can also download and install additional apps. While we don't know what kind of apps it's installing, there are any number of reasons why this could be dangerous. It could, for example, install additional malware. This could let an attacker steal login information one day, and then turn infected phones into a botnet the next. Again, pure speculation, but the potential is certainly there.
Staying Safe
The researchers at Malwarebytes say they believe the malicious app originated in China and is spread through URLs in spam messages. While it's not clear if this nasty app has a target audience, it's not unusual for malware attacks like this to be highly regionalized. Either the malware is tailored for a particular group—say, customers of a specific bank—or the spam campaign that carries the malware is highly targeted.
The best way to avoid apps like this is to never install software from outside the Google Play store. Android updates will come straight from Google or your wireless provider. Updates are never pushed out through Web links. In fact, you should be very suspicious of any links sent to your phone, even if they appear to come from someone you trust.
Lastly, it's a good idea to install Android security software. There are many options available, and we recommend Editors' Choice winners Bitdefender Mobile Security and avast! Mobile Security & Antivirus.
About Max Eddy
Former Lead Security Analyst
