A new form of Android malware can sneak onto your phone, show up as an icon resembling the Android app store known as Google Play — and send your phone number to criminals, who can then use it to send out text messages or launch a Distributed Denial of Service (DDoS) attack.
Russian security firm Doctor Web has issued a warning about the Trojan known as Android.DDoS.1.
“It is not quite clear yet how the Trojan spreads, but most probably criminals employ social engineering tricks and disguise the malware as a legitimate application from Google,” the security firm said on its site.
Once Android.DDoS.1 is installed on a phone, it creates an application icon that looks like Google Play’s. “If the user decides to use the fake icon to access Google Play, the original application will be launched, which significantly reduces the risk of any suspicion,” Doctor Web says.
The Trojan’s activities “can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services,” the security firm says. “Should the device send messages to premium numbers, malicious activities will cost the user even more.”
How do you know whether you have this truly bad boy? You could install mobile security software. Doctor Web’s software can identify the Trojan, and it’s likely that mobile software from other firms, including Lookout, Kaspersky, McAfee or Norton, can do the same or will soon.
As Kaspersky noted recently on its blog, “Cybercriminals love to offer their infected programs directly through the Google Play applications store … The first case of this was reported back in March 2011, and since then malware has appeared regularly in this online store. A combination of insufficient analysis of the apps on Google Play and customers’ continuing confidence in it as a safe source of software, means malware can survive there for days — sometimes weeks — infecting many devices.”
The Federal Trade Commission also recently posted a free Smartphone Security Checker for users of Android, as well as Apple’s iOS, BlackBerry and Windows phones. This online tool takes consumers through a 10-step security checklist tailored to their smartphone’s operating system. Even though it does not place malware protection software on your phone, it’s a good place to start.