A new Trojan masquerading as a game app is targeting phones running Google’s Android OS, subscribing to premium SMS services and sending information about the phone to its controller.
Computer security firm Sophos said the Trojan tags along in a legitimate Chinese game, “The Roar of the Pharaoh,” which is not distributed on Google Play (formerly the Android Marketplace).
“Once installed the malicious application gathers sensitive information (IMEI, IMSI, phone model, screen size, platform, phone number, and OS version) and sends it off to the malware’s authors. Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well,” Sophos said in a blog post.
Sophos said it detects the malware, which is attached to the game app distributed on unofficial download sites, as Andr/Stiniter-A.
But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.
It added the malware masquerades as a service called “GameUpdateService” – a very plausible name for a legitimate app if one were to check the processes running on his or her device.
Also, Sophos said the malware also attempts to communicate with four .com domains with a path of “tgloader-android,” leading some to refer to this Trojan as TGLoader.
“Criminals love the free money laundering service provided by mobile phone providers. They can set up premium rate SMS numbers in Europe and Asia with little difficulty,” Sophos noted.
It said the mobile phone companies provide the payment processing and the bad guys have their money and are long gone before the victim ever receives the phone bill with the fraudulent charges.
“As always, be sure to only install applications from official sources for the safest smartphone experience. While the sophistication of today’s mobile malware is quite low, this won’t remain true if there is a buck to be made,” Sophos advised. — TJD, GMA News