Android 'X-Ray' Malware Tempts Peeping Toms
If it sounds too good to be true, it probably is.
That's the most recent lesson being learned by Android users in Japan, where scammers are luring victims into downloading malware via a corrupted app that promises to give the cameras on their devices x-ray vision, à la Clark Kent.
This far-fetched Trojan is circulating rapidly thanks to an added layer of sneakiness on the part of the app's creators, according to Symantec's Security Response blog.
Unlike most Android Trojans, which are found by browsing "off-road" Android app markets unendorsed by Google, this one is delivered via an SMS text message with a friend's name attached to it.
This makes unsuspecting victims more likely to download the fake app, since they think it's coming from someone they know.
Upon opening the spam SMS, victims are asked to visit a site where they are prompted to download an app called "Infrared X-Ray," which claims to let the user see through the clothing of women viewed through the device's camera. (That feature doesn't work.)
But when the app is installed, the user's contact details are uploaded to the scammer's server.
Not only does this Trojan fail to deliver on its naughty promises, but it also adds insult to injury by redirecting the user to an image of a man giving the middle finger and branding the gullible victim a pervert.
The app is believed to have been created by Android.Uracto, a group of scammers responsible for the circulation of at least 10 malware apps in Japan in recent weeks.
Symantec reports that the apps all appear to be hosted on a few dedicated servers located in Singapore and in the U.S. state of Georgia.
Several other variants of this Trojan go even further to scam Android users. These version display a fake "registration" page that claims the user has subscribed to a site hosting adult content.
The app then sends repeated SMS messages to the user and to people on the phone's contact list, demanding 29,000 yen (about $308.50) as payment for this "service."
Android.Uracto has created several versions of this Trojan to appeal to different demographics of potential victims.
One app, the "Mama Navi" may be designed to draw in the mothering set. Even bookworms aren't safe, as malware masquerading as a book sharing app is also in use by the scammers, according to a separate Symantec blog posting.
If you're an Android user, you can protect yourself by steering clear of links you receive via SMS, even if those links are sent by people in your contact list.
Users should stick to apps that can be downloaded from Google Play, though even Google Play apps can pose security risks and should also be reviewed before installation.