The Latest in IT Security

Android.Arspam.1 distributes political spam

26
Dec
2011

Doctor Web-a Russian developer of IT security software-warns users of a new threat to mobile devices running the operating system Google Android. The malicious program discovered earlier by another anti-virus vendor has been added into the Dr.Web virus databases as Android.Arspam.1. The Trojan horse is designed to perform unauthorised massive SMS sending.

Android.Arspam.1 is embedded into the legitimate application AlSalah that works as a compass and helps Muslims determine the distance and direction to Ka’ba. The application also displays the current date and calculates salah timings. It should be noted that the application available in the Android Market does not carry any malicious payload, while a similar program distributed via Arab-speaking forums, as a rule, contains the Trojan horse. In other words, intruders added malicious features to AlSalah to perform their malicious tasks.

screen screen

When launched on an infected device, Android.Arspam.1 creates and registers the com.awake.alArabiyyah service which will start with the operating system. Then the Trojan horse collects contact information found on the device and sends short messages containing links to forum posts, devoted to widely publicized events in the Middle East, particularly, to the Tunisian revolution, at each contact number. The posts contain photos of Mohamed Bouazizi who set himself on fire on December 17 2010-the event that triggered uprisings in many Arab countries. The list of links is contained in the Trojan horse code. In addition, if the SIM card is registered in Bahrain, the Trojan horse downloads a PDF-document containing Bahrain Independent Commission report on human rights violations in this country.

Android.Arspam.1 is the first known to date Trojan horse for mobile devices that sends out short messages related to politics. Despite its fairly primitive implementation, we should note a very sound approach to the choice of an application to make sure that messages sent by the Trojan horse will reach their target audience. Besides, since Android.Arspam.1 already can download files from remote hosts, in the nearest future we may expect new, more sophisticated modifications capable of retrieving configuration files or link lists that will be used to send short messages. The program may also evolve into a spam bot that will be used to create botnets. However, this may or may not happen in the future: to date, Dr.Web for Android Anti-virus+Anti-spam and Dr.Web for Android Light users are well protected against this threat.

Leave a reply


Categories

SATURDAY, AUGUST 17, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks