Antivirus software

A Malware-induced Rapture for Mobile Devices?

May 21 didn't turn out to be the end of the world. But it did bring a reminder that the world is an increasingly risky place for mobile devices.

A Trojanized version of a legitimate app, which was set to activate on May 21 and 22, is one more example of the growing malware threat to mobile devices, according to John Harrison, group product manager with Symantec Security Response.

The latest is Android.Smspacem, embedded in pirated versions of the legitimate "Holy (expletive) Bible" app. The Android operating system is one of the most popular platforms for smart phones.

[Also see: Your Android's dirty little secret]

Harrison says threats in the mobile space have "gone from nonexistent" to an increasing problem precisely because of the popularity of certain platforms.

"Where there is volume in a platform, there is value to the bad guys," he says.

According to a Symantec blog, once the threat is installed, it waits for the device to reboot, and then starts a service called "theword." It then attempts to contact a host service, passing along the device's phone number and operator code, and also to retrieve commands from a remote location.

These same actions are carried out every 33 minutes. In addition to having abilities to respond to commands through the Internet and SMS, the threat also has activities that are designed to trigger on May 21 and 22.

[Also see: Smartphone botnets? New report predicts mobile devices will be part of DDoS attacks]

On those dates, the malware began automatically replying to SMS messages sent to infected devices with the following text, mocking the "end-of-the-world" predictions: "Cannot talk right now, the world is about to end." It then randomly selected one of several other similar predefined messages and sent those to users' entire contact lists.

It also changed infected devices' wallpapers to several predefined images, one of them promoting a PAC for faux news anchor Stephen Colbert.

Symantec, the Mountain View, Calif.-based maker of Norton information management and security products, has already provided detection for the threat, known as Android.Smspacem.

But the best way to deal with such threats is to learn to avoid them in the first place.

Harrison says most people are now aware that they should not download any .exe file, but are less savvy when it comes to the newer threats, which in some cases may come from a friend whose device has already been compromised.

To avoid malware on your mobile device:

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Daily Downloads Newsletter

Comments