Exprespam Android Malware Steals Upwards of 75,000 Bits of Information

Early research from Symantec estimates that spammers behind a new type of Android malware may have already stolen “between 75,000 and 450,000 pieces of personal information” from Japanese users. While these numbers may be disparate, they do suggest the malware, Android.Exprespam, has been successful since popping up a few weeks ago.

According to a blog post this morning by one of the firm’s security researchers, Joji Hamada, one website serving up the malware saw more than 3,000 visits last week, while another similar-looking, yet unnamed, app store appears to be on standby.

As previously reported, the websites trick users into downloading apps by mimicking the Google Play market. One site even called itself “Gcogle Play” earlier this month before changing its name to “Android Express’s Play,” according to an older blog entry on the malware. Links to the faux markets have been circulating in spammy Android newsletter emails since the beginning of the month.

When users download any of the infected apps, the phone’s information is harvested. Each device’s number, along with the emails and names stored in the phone’s contacts section, is remotely uploaded.

Despite recent mobile malware arrests in Japan, Exprespam joins a slew of Android malware variants that have popped up and tricked users into downloading bogus apps over the last couple of months. Enesouty, first discovered in early fall, and Dougalek, discovered around Halloween, have both been spotted sniping users’ information.

For more on Exprespam, including a summary of how Hamada deduced how many users were infected by the malware, head to Security Response.

Discussion

  • Anonymous on

    That number is totally wrong, according to the blog, each phone has 150 contact addresses????? What kind of voodoo math is that?

  • Anonymous on

    The numbers don't make any sense, also the Japanese police dropped the case against these guys. What makes this newsworthy or even malware at that?

  • Anonymous on

    Not so weird. I think my phone probably has 150-200 contacts in it.
