New Android Trojan Poses As Carrier IQ Detection Tool
|Image composite by SecurityNewsDaily|
A deceptive new Android Trojan masquerading as a tool to detect the controversial Carrier IQ software is covertly running up the phone bills of unsuspecting smartphone users.
Dubbed Android.Qicsomos by Symantec researchers, the Trojan is a version of an open source project designed to detect Carrier IQ, a diagnostic tool built into a host of smartphones from all different carriers.
Carrier IQ sent the security world into an uproar when, in late November, a researcher discovered that the software, which is designed to enhance consumers' mobile experience, actually logs keystrokes, text messages and encrypted Web searches. Carrier IQ reps refuted the original claims that the software harvests users' personal data.
The weeklong drama, however, was enough to make Carrier IQ and smartphone privacy a hot button issue, and it's by pressing that same button that crooks are keeping the new Qicsomos Trojan alive and spreading.
According to researchers, Qicsomos, which is currently affecting French Android customers, hides in an app called "Detecteur de Carrier IQ" and appears on devices with an icon similar to Orange, a major European telecom operator. When the user notices the icon and presses "Désinstaller" (to uninstall Carrier IQ ), the Trojan goes to work, sending four premium rate text messages the smartphone owner is then billed for and then erasing itself.
Symantec researchers said there is no trace of the phony app, "Detecteur de Carrier IQ 2.0.4," in Google's official Android App Market. They believe the app may be spreading through social engineering or phishing campaigns pretending to be from an official mobile carrier.
While Qicsomos is affecting French Android users, it's possible the attackers could shift the battlefield to the U.S. In the event you come across unsolicited apps or emails promising software to detect or rid your phone of Carrier IQ, do not pursue the offers and never download any app that looks suspicious . Check an app's ratings and permissions before downloading it, and make sure you run anti-virus software on your mobile device, not just your computer.