Updated 2/27/12: It seems it didn't take the bad guys long to find a way around Google's 'Bouncer' security scanner for the Android Market. Rather than uploading malware to the Android Market, security firm Sophos has discovered new malware that spreads via the Facebook app.
Security researcher Vanja Svajcer explains how it works:
A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become "friends" or not.
As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.
The malware package is called any_name.apk and is yet another dialer that calls premium rate numbers without the handset owner's consent. This is a popular trick used by those writing malware for mobile devices because it's an easy way to siphon money from the victim to the bad guys.
Image credit: Sophos
Sophos detect the rogue application as Andr/Opfake-C.
Updated editor's note: Although the download is initiated automatically, a Google spokesperson noted that the malware app will not be installed unless the user initiates that install action.
- Google's Android Market 'Bouncer' - Does it offer enough protection?
- Android malware uses server-side polymorphism to evade detection
- Android malware makes use of steganography
- Millions caught up in Android botnet
- How ads undermine Android security
- Six Android issues that Google doesn’t want to address
- Android bloatware results in serious security flaws
- Are security firms that warn of Android malware ‘charlatans and scammers’?
- Android Trojan records conversations, can send them to bad guys