A new variant of Android.Enesoluty, the Android data-stealing Trojan that spreads through spam messages, has recently surfaced in Japan. This time the malware is reportedly being spread through a malicious app, Lime Pop, that disguises itself as a popular game.
According to a post on Symantec’s Security Response blog, spam has begun to circulate over the last week that leads to a page hosting Lime Pop. To download the app, users have to agree with an End User License Agreement (EULA) that states the app is allowed to upload personal information from the device. So it shouldn’t be a surprise that after it’s installed, the app secretly uploads your phone’s contacts when it claims to be “checking network connectivity.”
Some developers in Japan have been able to sidestep the law lately by claiming the EULA in some of their applications stipulates user information could be harvested.
Unlike older Enesoluty variants, on the surface Lime Pop looks like a game and features bright, bubble-shaped letters and wide-eyed cartoon characters. Other Enesoluty versions have previously masqueraded as battery savers and security applications to trick users into thinking the apps were something they were not.
Symantec notes that the gang that maintains Enesoluty “has been busy since last summer,” registering in excess of 100 domains to host bogus, data stealing apps like Lime Pop and other, oddly-titled variants like Loozfon and Ecobatry.
Malware targeting Google’s Android platform has endured a meteoric rise in popularity over the last few years and Japan is bearing the brunt with some attackers installing malware on upwards to 100,000 devices at a time.