14 DAY TRIAL // A legitimate Islamic compass Android application was discovered by Symantec researchers to hide a mobile Trojan designed to promote revolutionary topics in the Middle East.
While the app is clean on the Android Market, those who download it from third party locations may end up with a piece of malware that sends out links to every contact in the infected phone’s address book.
The links point to one of eighteen forums that bring tribute to Mohamed Bouaziz, a Tunisian street vendor who on December 17, 2010, set himself on fire as a form of protest against local authorities. Since his act became a catalyst for the Tunisian revolution and the Arab Spring movement, websites that represent a tribute to him are meant to call the Muslim world to battle.
The rogue Android app also checks to see if the targeted mobile device is owned by someone in Bahrain and, if it is, it downloads a PDF document that represents an inquiry by the Bahrain Independent Commission of Inquiry on allegations of human rights violations.
Symantec researchers didn’t find any malicious codes or exploits, but it’s enough that the infected machine becomes part of a spam sending botnet that tries to forcefully promote some ideals and inflates the victim's bill.
If last week we saw how in Russia, activists were being censored, it seems that in the Middle East things are somewhat the other way around.
I advise you to download applications only from trusted locations to make sure you don’t end up with some malicious piece of software.
Also, in order to differentiate the rogue app from the real one, you can always check the permissions it requires before you install it. If a simple program request permissions to “services that cost you money,” “your messages” and “your accounts” it may mean that you’re dealing with a piece of malware.