Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    Smartphones are becoming cybercriminals’ favorite malware vector. Last week, TrendLabsSM reported the first ever Android Trojan (detected as TROJ_DROIDSMS.A) found in the wild. Though it failed to perform its intended routine, the attack showed that cybercriminals are always on the lookout for new means to distribute malware.

    Recently, Trend Micro threats analysts Edgardo Diaz and Alvin Jethro Bacani came across a possibly malicious Android app known as Tap Snake (detected as TSPY_DROISNAKE.A) that is circulating in the Android market. The said app has the ability to send a user’s GPS location via HTTP POST (gpsdatapoints.appspot.com/addpoint) the moment the user accepts the app’s end-user license agreement (EULA).

    Click for larger view Click for larger view
    Click for larger view Click for larger view

    Even worse, the app cannot be terminated to prevent it from sending out user data. The user is thus left with only two options—to uninstall the app or to stop the SnakeService. A remote user can use another Android app known as GPS SPY to monitor a Tap Snake user’s location as long as the said app is installed on the user’s device.

    Click for larger view

    To stop SnakeService, users can do the following:

    1. Go to Settings > Applications > Running Service.
    2. Look for SnakeService and select Stop.
    Click for larger view

    Threats analyst Mark Balanza advises users to first check out what kinds of permission an app asks for before installing it. In this case, Tap Snake does not require GPS data yet asks for permission related to it in its EULA. This should thus prompt users to be wary of installing the app.

    Analysis and screenshots provided by threats analysts Edgardo Diaz and Alvin Jethro Bacani. Information on the malicious routines of the said application was previously reported here.

    Update as of August 22, 2010, 7:00 p.m. (UTC)

    TSPY_DROISNAKE.A has been renamed to ANDROIDOS_DROISNAKE.A.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice