We recently found Android malware that comes off as a variety of applications in a China-based 3rd party app store.
The samples we were able to acquire come as a love test application, an ebook reader, and a location tracker. It is immediately noticeable that the said apps do more than they are supposed to, based on the permissions they request for.
This particular Android malware, detected as ANDROIDOS_LUVRTAP.B, automatically executes once the Android device is rebooted after installation.
Upon execution, it retrieves the affected user’s IMSI (International Mobile Subscriber Identity) and sends it to a certain URL. It also sends SMS messages, which is done to subscribe the user to certain services, eventually leading to unwanted charges for the affected user.
The apps have been taken down from the app store. However, users are strongly advised to be extremely meticulous when it comes to installing applications into their devices. Take note of their description, make the permission requests are valid, and watch out for any suspicious routines such as the automatic sending of SMS messages.
Learn more about how to keep Android devices safe from malware through our report, “5 Simple Steps to Secure Your Android-Based Smartphones.”
Leave a reply