Appolicious powers Verizon Educational Tools

Latest Android Trojan mimics popular Chinese game

by Kristen Nicole

In the latest Android malware attack, the Trojan in question is disguised as an app for a Chinese game called “The Roar of the Pharaoh.” It’s a fake Android app and can gather sensitive information about the Android device it lands on, warns Sophos security researcher Chester Wisniewski. He explains that it collects personal information and technical details, including your phone number, sending it off to the malware’s authors. “Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well,” Wisniewski says.

Though a legitimate game, the fake version of “The Roar of the Pharaoh” has been identified by Sophos as Andr/Stiniter-A, and it doesn’t ask for specific permissions during installation. This is a warning for consumers, who should be aware of what data an app requires for download, and brings up the question of how users are targeted on Android’s platform. With every development on the security side, there seems to be a resurgence of malicious attacks that circumvent precautions with new tactics to gain consumer participation.

Maintaining a global marketplace

SMS scams are prominent on mobile platforms because the carriers provide the payment processing, leaving you holding the bag long after the bad guys have gotten their money. A similar Trojan mimicking the Netflix Android app operated as an SMS scam as well. But this latest Trojan also highlights the issues Google faces in maintaining its mobile marketplace. Google already said it will require app makers to disclose their terms of service to end-users, and a slew of third party apps have emerged to address growing consumer concerns over how their data is being used by mobile apps. But it may not be enough.

Chinese apps in particular are finding ways to bypass Google’s Play Store, and while these aren’t always malicious apps, they’re also unregulated. Buyer beware: software downloaded in app form inside and outside Google Play can leave your device and personal data vulnerable. As more app stores from Amazon and others emerge, it’s easy to avoid Google Play all together, and this is becoming common behavior in China where the mobile market is massive and lucrative. Local services are filling in the gaps Google has left open in its global app distribution, and that could make the company look bad in the end.