Smartphones are becoming cybercriminals’ favorite malware vector. Last week, TrendLabs reported the first-ever Android Trojan (detected as TROJ_DROIDSMS.A) found in the wild. Though it failed to perform its intended routine, the attack showed that cybercriminals are always on the lookout for new means to distribute malware.
Recently, Trend Micro threats analysts Edgardo Diaz and Alvin Jethro Bacani came across a possibly malicious Android app known as Tap Snake (detected as TSPY_DROISNAKE.A) that is circulating in the Android Market. The app can send a user’s GPS location via HTTP POST to gpsdatapoints.appspot.com/addpoint the moment the user accepts the app’s end-user license agreement (EULA).
Even worse, the app cannot be terminated to prevent it from sending out user data. The user is thus left with only two options—to uninstall the app or to stop the SnakeService. A remote user can use another Android app known as GPS SPY to monitor a Tap Snake user’s location as long as the said app is installed on the user’s device.
To stop SnakeService, users can do the following:
- Go to Settings > Applications > Running Service.
- Look for SnakeService and select Stop.
Threats analyst Mark Balanza advises users to check which permissions an app asks for before installing it. In this case, Tap Snake does not require GPS data yet asks for permission related to it in its EULA, which should prompt users to be wary of installing the app.
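The permission check described above can be automated once an APK's manifest has been decoded to text XML. This is an added example, not code from Trend Micro or the original post; the package name, activity and manifest content are constructed for illustration, and only the SnakeService name comes from the article.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded AndroidManifest.xml carry the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
LOCATION = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
INTERNET = "android.permission.INTERNET"

# Constructed sample manifest for a hypothetical game. It is NOT the real
# Tap Snake manifest; the package and activity names are placeholders.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.snakegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Example Snake">
        <activity android:name=".GameActivity"/>
        <service android:name=".SnakeService"/>
    </application>
</manifest>
"""


def audit_manifest(manifest_xml, needs_location=False):
    """Return findings for an app whose stated purpose may not need location."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")]
    findings = []
    loc = sorted(perms & LOCATION)
    if loc and not needs_location:
        findings.append("location permission not justified by app purpose: "
                        + ", ".join(loc))
        if INTERNET in perms:
            findings.append("location + INTERNET: position data can leave the device")
            if services:
                findings.append("background service(s) can keep reporting: "
                                + ", ".join(services))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("[!]", finding)
```

Pass `needs_location=True` for apps such as navigation tools, where a location permission matches the stated purpose and should not be flagged.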
Analysis and screenshots provided by threats analysts Edgardo Diaz and Alvin Jethro Bacani. Information on the malicious routines of the said application was previously reported here.
Update as of August 22, 2010, 7:00 p.m. (UTC)
TSPY_DROISNAKE.A has been renamed to ANDROIDOS_DROISNAKE.A.