14 DAY TRIAL // Android trojans designed to spy on SMS messages are becoming more targeted with new ones using keywords to filter the captured data.
The technique was recently spotted by malware analysts from Trend Micro in a trojan that posed as a copy of the game Coin Pirates.
As most Android trojans these days, the malware was found in a Chinese unofficial market.
This is because there is no official Android Market in China and cracked apps are popular in the country.
"Like most Android malware, this Trojanized application, which we detect as ANDROIDOS_PIRATES.A, asks users to give more permissions than the legitimate version and thus, performs more routines than the original app," the Trend Micro experts advise.
The trojan installs three services, two used for communication with the command and control server and one for SMS-related operations.
The malware collects the device model, SDK version, IMEI and IMSI numbers from every infected device and uploads the data to the remote server.
Unlike other SMS spying trojans that filter messages by sender, this trojan decides what to steal by using an updatable list of keywords.
"The other capabilities of this malware include sending of text messages to a certain number as well as adding a bookmark to the device’s browser, the specifics of both the text message and the bookmark URL for which depend on the server’s response," Trend Micro researchers explain.
Users can check if they are infected with this malware by going to Settings > Applications > Running services and checking if MonitorService exists. Removing the malicious application can simply be done from Settings > Applications > Manage Applications.
According to a recent report, Android users are two and half more likely to encounter malware now than they were at the beginning one the year. Because of this, mobile antivirus solutions are becoming increasingly necessary.