I recently posted an entry about Trojanized applications that were found in the Android Market. About 50 repackaged versions of legitimate apps were pulled from the Android Market after being found infected with AndroidOS_LOTOOR.A. AndroidOS_LOTOOR.A steals mobile device information as well as gives unauthorized users root access to an infected device.
As course of action, Google pulled the applications from the Android Market, remotely removed the Trojanized apps from users’ devices, and deployed the Android Market Security Tool—a tool that reverses the modifications done by AndroidOS_LOTOOR.A and prevents the device from sending out device information.
Of course, what must come along but a Trojanized version of the very same application that Google released to protect users from Trojanized applications. While the legitimate application prevents information theft, AndroidOS_BGSERV.A does the opposite. It acts as a backdoor application that gathers device information and sends this to a remote URL. It also keeps a log of its routines, which it then sends to the same URL, enabling its proponents to keep track of its activities. The Trojanized application also performs functions and actions without the user’s authorization. These routines include modifying call logs, intercepting or monitoring messages, and downloading videos.
Several other new Android malware have been spotted as well, including AndroidOS_SMSREP.A, AndroidOS_FAKEP.A, and AndroidOS_FSPY.A. The increasing proliferation of Android malware clearly indicates that we have not seen the last of Trojanized apps. Users should thus continue exercising caution when installing and downloading applications.
Trend Micro offers security for Android mobile devices through Mobile Security for Android™.