A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cybercriminals have created an app that is supposed to reduce battery use, but in reality steals the user's contacts data stored on the device. Symantec, which first discovered the malware, is calling this particular threat Android.Ackposts. Here's the official description
Android.Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location. The Trojan may arrive as a package with the following name: BatteryLong.apk.
As opposed to using third-party app stores or even the official Google Play store, this app is pushed via Japanese spam e-mail that includes a link to download and install it. Although the messages claim the app reduces battery use by half, the app does nothing to save battery power. It does, however, send the user's contacts data (name, phone number, e-mail address, and more) to an external website for safe keeping.
As you can see in the screenshot in the top right, this malicious app only requests two permissions when it installs: "Network communication" (to access the Internet and upload the personal data) and "Your personal information" (to read and acquire the user's contacts data in the first place). The developer may have limited the number of required permissions as much as possible to avoid suspicion.
Once the app is installed and launched, a setup screen appears for a second, followed by a message stating that the device does not support the app. That is when the app steals the user's contacts data in the background.
The developers of this malicious app are most likely trying to harvest e-mail addresses for spamming purposes. Symantec traced the spam message back to the sender, and discovered that the cybercriminals are also operating various social networking and dating sites already notorious for sending spam.
- Warning: Fake Skype app on Android is malware
- Malware charges users for free Android apps on Google Play
- Android malware families nearly quadruple from 2011 to 2012
- A first: Hacked sites with Android drive-by download malware
- Warning: GTA, Super Mario on Google Play are Android malware
- Warning: Fake Instagram app on Android is malware