New Android Spyware Threat Disguises Itself as Google+ App

Security researchers from Trend Micro warn of a new information stealing Android trojan that disguises itself as an app for Google's new social product Google+.

This latest threat is a variant of a recently discovered trojan called ANDROIDOS_NICKISPY which is able to record phone calls.

This new version stands apart from the rest because it is capable of answering incoming calls if the phone's screen is turned off and if the calls originate from a number predefined by the attackers.

"From the looks of it, the developer of this app went for the more real-time kind of eavesdropping as well, apart from the one ANDROIDOS_NICKISPY.A used, which involved recording calls," the Trend Micro researchers write.

"The 'auto-answering' function of this malicious Android app works only on Android 2.2 and below since the MODIFY_PHONE_STATE permission was disabled in Android 2.3," they add.

In addition to phone call answering and recording, the trojan has a full set of spyware features, such as stealing text messages and call logs or monitoring the GPS location.

ANDROID_NICKISPY.C installs a large number of services, all of them bearing the Google+ logo. It also installs itself as an application called Google++ in an attempt to confuse users.

The services are called MainService, AlarmService, SocketService, GpsService, CallRecordService, CallLogService, UploadService, SmsService, ContactService, SmsControllerService, CommandExecutorService, RegisterService, CallsListenerService, KeyguardLockService, ScreenService, ManualLocalService, SyncContactService, LocationService, EnvRecordService.

The increasing sophistication and prevalence of Android malware reinforces the need of antivirus products for such devices. Fortunately, there are several free solutions from vendors like AVG, Lookout, BitDefender or Symantec that users can choose from.

According to a recent report from Lookout, Android users are twice and a half more likely to encounter malware now then they were six months ago. Furthermore, one in three users are likely to encounter web-based threats while using their devices.