As many as 5,000 users downloaded the application before it was removed

May 31, 2012 11:21 GMT

Experts have come across a suspicious-looking Android application that’s advertised as being able to foresee the future. In reality, the Japanese app, called KoibitoSagashi, is designed to steal user information from the devices it’s installed on.

Symantec has determined that this piece of software is somewhat similar to Android.Dougalek, better known as the malware from “The Movie” campaign. They’re not exactly the same, but initial analysis has revealed that they both steal information by using similar mechanisms, which may indicate that their developers are somehow connected.

“The codes of the two malware are different from each other, so they may have been developed by different developers. However, it is still possible that the apps could have originated from the same organization or from folks in the same Internet fraud industry,” Joji Hamada of Symantec explained.

“Furthermore, it's possible that the authors may be sharing information about their latest strategies and tactics as well as trading stolen information.”

Initially, the fortune teller program seemed to be available on third-party websites that displayed “Download from Google Play” buttons, even though the official Android market didn’t appear to have anything to do with the matter.

However, further investigation showed that the prediction app had in fact been available on Google Play even before it made its appearance on the other app sites.

Currently, the fortune teller app has been removed from both Google Play and the other websites, but according to the figures provided by Symantec, one of the variants has already been downloaded between 100 and 500 times, while another one may have been installed by as many as 5,000 users.

While the app itself can’t be considered malware, it does have the potential to cause some damage by leading unsuspecting Android customers to fraud and other shady sites.

Users who have already installed the app are advised to remove it. For future reference, always remember to check the permissions requested by an Android program before installing it.
