Android Malware Found Stealing Texts, Intercepting Calls

The steady drumbeat of malware and spyware targeting the Android platform is continuing, this time with the emergence of a new variant of an Android Trojan that masquerades as a Google+ app and has the ability to not only record phone calls, but also to answer incoming calls and respond to remote commands that arrive via SMS.

The new piece of malware is known as ANDROIDOS_NICKISPY.C and has some powerful functionality. The most interesting feature the malicious app sports is its ability to intercept incoming calls and prevent the user of the infected device from even knowing that the call came in. Also, according to researchers at Trend Micro, ANDROIDOS_NICKISPY.C has a predefined controller number that, when attached to incoming SMS messages, can be used to issue commands to the infected device.

And, if a phone call comes from that controller number, the malware has the ability to intercept it, silence the device so the user isn’t aware of the call and hide the keypad from the user.

“Like other ANDROIDOS_NICKISPY variants, ANDROIDOS_NICKISPY.C also has the capability to record phone calls made from infected devices. What makes this particular variant different is that it has the capability to automatically answer incoming calls,” Mark Balanza, a threats analyst at Trend Micro, wrote in an analysis of the malware.

“Before answering the call, it puts the phone on silent mode to prevent the affected user from hearing it. It also hides the dial pad and sets the current screen to display the home page. During testing, after the malware answered the phone, the screen went blank.”

Balanza said that the malware only has the ability to intercept incoming calls on Android devices that are running version 2.2 or earlier of the operating system. Like earlier versions of the malware, ANDROIDOS_NICKISPY.C has the ability to gather GPS location, text messages and call logs and send them off to a remote machine. ANDROIDOS_NICKISPY.C installs on infected devices with a copy of the Google+ icon, but the app shows up as Google++.

Android has become a frequent target for attackers in the last few months as the popularity of the platform has continued to grow. There have been cases this year of SMS Trojans being found in Android apps in the Google Market, dozens of apps infected with the DroidDream malware showing up in the Market and a number of other incidents. The iPhone has been a less frequent target for malware authors, relatively speaking, than Android devices have, perhaps as a result of Google’s more open policy with the Android Market and the platform in general.

Discussion

  • hillstation328 on

    Has this only been found in the Google+ app, or is it suspected to be running around in other apps too?
