Symantec flags malicious Android porn wallpaper apps
Security giant sounds alarm over discovery of malicious data-stealing wallpaper apps. According to Symantec, up to 1.5 million Android users may have suffered a serious data breach after downloading malicious apps. The security giant identified three apps, all posing as pornographic wallpapers, that were available through Google Play for more than 30 days, despite pornography being banned from the store.
Malware Analysis and Data Theft
Analysis run by Symantec showed all three apps were from the same developer and are all identified by the company as Android.Coolpaperleak. The organisation also discovered the apps were not a modified version of a safe app, but were malicious from the beginning. Once downloaded, the app steals the following data from the user:
- The user's Googlemail address
- GPS co-ordinates
- Handset IMEI number
- Network operator information
This data is then transmitted by the app back to a remote command-and-control server.
The Popularity of Erotic Themed Malware
Lionel Payet, a Symantec threat intelligence officer, explained the strategy behind these attacks. "The erotic and porn industries are the most browsed on the internet," he said. "If you just combine the most downloaded type of apps (wallpapers) with the erotic and porn industries, you will have in your hands the perfect chemistry for a top download application in no time."
Android Security Concerns
This new threat comes on the back of research by fellow security player Kaspersky Lab, which showed 99 per cent of mobile malware was targeted towards the Android operating system. Two of the most prevalent malwares detected, Opfake and Fakeinst, were so-called premium SMS diallers, which send SMS messages from a user's phone to a premium rate service without their knowledge. Similar SMS scam apps pretending to be official London 2012 gaming apps were also found to be targeting Android users.
Kaspersky claimed the reason Android devices were popular targets was not because of how widely used the operating system is. "The core security issue...can be traced back to the lax security of the Google Play marketplace, especially in comparison to the Apple iOS App Store," the company said.
Malware Comparison Table
| Malware Name | Primary Threat Type |
|---|---|
| Android.Coolpaperleak | Data theft (Email, GPS, IMEI, Network info) |
| Opfake / Fakeinst | Premium SMS diallers |