Android adware Trojan also contains keylogger and data exfiltration capabilities
Mon 30 Nov 2015
Russian security researchers have identified a Trojanised version of an Android adware variant which not only delivers unwanted advertising but also has the capability to log keystrokes and intercept text messages, passwords and search queries.
The legitimate software which has been copied and infected is the AnonyPlayer music radio app, which in its malicious form is codenamed by the Dr.Web researchers [Russian language] as Android.Spy.510. The app is not available, either in its valid original form or as corrupted malware, from legitimate Google Play sources (and, as expected, the company recommends avoiding third-party app repositories as a source of software).
The adware’s authors have included unusually evasive tactics in the variant: it plays possum for several days after installation, causing no visible change in the normal running of the infected Android system, and thereafter prepends commercials to any app that is not on a whitelist. That whitelist covers system settings and the Trojanised AnonyPlayer itself, which has apparently been excluded to divert attention away from its malicious activity.
After the initial launch of the infected AnonyPlayer, victims are also asked to install an app called AnonyService, ostensibly dedicated to protecting the user’s privacy, but in reality undermining it by installing keystroke and data interception capabilities. Dr.Web gave no details of any command and control servers to which harvested information might be sent from affected users’ phones. The malware can also simulate user interaction in order to extract value from its elevated privileges.
The Trojanising of otherwise-legitimate Android apps has become a chronic problem this year, with over 20,000 known infected Android apps at large in the various app marketplaces. The non-binary, open source nature of many apps has made it possible for cybercriminals and adware operators to re-spin popular apps on an industrial scale, often with automated M2M procedures.