TrustGo, a mobile security company, recently reported that a new malware named FakeLookout.A has been discovered on Google Play.
According to TrustGo blog post, this malware hides itself in the full Application List after installation. It only shows up in the Downloaded app list where it uses Lookout’s icon and the name “Updates”. It can receive and execute commands from remote server. According to remote server’s commands, the malware can steal user’s SMS messages and MMS messages and upload them to remote server via secure FTP. It also uploads the complete file list from the user’s SD card to the remote server. Then remote server controls the malware to upload specific files.
“The brazen use of a trusted app’s logo shows just how aggressive malware makers are becoming. These fake apps not only put users’ data and privacy at risk, they can damage the reputation of respected developers,” TrustGo CEO, Xuyang Li said in the report. “TrustGo continually monitors new apps uploaded to more than 185 marketplaces worldwide and is able to provide App Certification and Brand Protection services that alert developers when malicious clones and apps that falsely use their logos have been found,” added Li.
According to the report, “The malware can steal an Android device user’s MS/MMS messages, video files, and SD card files, meaning the potential for sensitive, identifying information to be lifted by the malware developer is real. Stolen data is transmitted to a domain in Thornton, Colo., TrustGo said, noting the same domain hosts a malicious website.”