14 DAY TRIAL // A number of 29 Android applications found on Google Play (the new Android Market) were appointed as being malicious by Symantec. The pieces of malware, identified as Android.Dougalek, pretend to be popular games or games-related videos.
First discovered in February, the malicious elements were advertised as recipe apps, diet assistant apps, content management apps, and even adult apps. The same cybercriminals are believed to have launched another series of malicious programs at the end of March, the names of which all end in “the Movie.”
Experts reveal that at least 70,000 users may have installed the pieces of software, but the true number of victims may be as high as 300,000.
Initial analysis of the malevolent applications shows that they mainly target Japanese Android users. Also, it’s likely that the ones that started this campaign are the same cybercriminals that spread the malware known as Android.Oneclickfraud.
Once installed, the apps request the rights to access personal data and the phone’s identity. While in the foreground it seems as they connect to an external server from which they download the much promised videos, in reality they gather information and send it back to the server.
Based on the fact that “the Movie” programs collect data such as names, phone numbers and email addresses from the infected device, this campaign is most likely designed to gather information for future malicious operations.
Another thing that must be noted is that once they're installed, the shady apps will show up on the Android device under a different name than the one presented on Google Play.
Currently, Google has removed the applications from the Play site and even the Tokyo Metropolitan Police Department is looking into the issue, but in the meantime, users are advised to be on the lookout for similar threats that may hide among the legitimate pieces of software hosted on legitimate Android app markets.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1