The increased presence of smartphones running on Google's Android platform has attracted cybercriminals who look to take advantage of their popularity among consumers. One example of an attempt by hackers to profit from the Android platform's popularity is the recently discovered Android.Pjapps Trojan. The Trojan is making its way through the Android world under the guise of legitimate applications, and it is allowing hackers to not only steal data, but to execute other functions as well.
The discovery of the Android.Pjapps Trojan was announced in an alert issued by Symantec, a security vendor. It follows two other recently detected Trojans, Android.Adrd and Android.Geinimi. The trio of Trojans show an increasing trend of hackers targeting mobile environments, especially Google's Android platform, as it comes installed as the operating system of choice for many popular smartphones.
Hackers have been successful in transmitting the Android.Pjapps Trojan by placing it on various third-party Android marketplaces that are unregulated. It disguises itself as various apps, one of which is the popular and gimmicky Steamy Window app. Steamy Window covers the user's phone display with an effect that mimics steam. The steam can be wiped off by using swiping gestures. Since the Android.Pjapps Trojan comes with all of the features of the legitimate Steamy Window version, it may be hard for users to detect.
Although it may appear to be legitimate, the app's malicious version comes with added functionality that will allow a hacker to build a botnet that is controlled by various command and control servers. Once active, the Trojan can be used to execute a variety of functions. It can send or block text messages, install applications, add bookmarks in the web browser, and visit websites. It can also be used to manipulate ad campaigns, among other things. The Trojan will also transmit sensitive user data back to the hacker. To avoid detection, the Trojan registers its own service and runs in the background.
While the Trojan's detection is difficult once installed, there is something during the malicious app's installation process that differs from the legitimate version. The malicious version's installation requests an excessive amount of permissions. The legitimate version asks for permission with network communication and hardware controls. The malicious version, meanwhile, asks for permission to access personal information and messages.
To protect yourself from the Android.Pjapps Trojan and others like it, Symantec offers some tips. Set your Android OS application settings to stop the installation of non-market apps. Do not rely on unregulated markets to download and install apps, as they are havens for malware. Before installing an app, do some research by reading comments by users who have already downloaded the app. When installing an app, check its permission requests. If they are excessive, stop the installation. Finally, use mobile security tools to protect your device from malware. The combination of personal awareness plus solid security software should help in developing a solid barrier against the new wave of mobile hackers.
For more on this topic, visit http://www.symantec.com/connect/blogs/android-threats-getting-steamy.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting News Articles
More By wubayou