Japanese Android Users Hit with ‘The Movie’ Malware

April 16, 2012

Android users in Japan who thought they had installed a legitimate app have instead been hit by malicious applications built to imitate games popular in the country or to play a video related to the game.

Security vendor Symantec has identified 29 malicious Android apps belonging to seven developers. The apps share common programming code, and Symantec says it can be assumed that a single individual or organization is behind them.

The first confirmed app appeared on Google Play around February 10, with more following until late March. The apps originally posted were not game related but a random assortment: some of an erotic nature, a contact management app, a recipe app, and a diet assistant app, to name a few.

But the number of downloads was low. Then in late March, more apps with names ending in “the Movie” were released, catching the attention of a large number of users who installed them.

The total number of installations is at least 70,000, but could potentially be as high as 300,000. The number of infected devices is unclear since a user could have multiple installations.

The victims are not only the users whose devices were infected but also the people in their Contacts, since their information is stolen as well.

According to a survey conducted by NTT Advertising in October 2010, the number of contacts for mobile users in their 20s averages 74.8 while users in their 30s average 51.6. This could mean that potentially millions of people may be affected.

The descriptions of many of the apps make it sound like network access is necessary. However, the apps should not need to read personal data or the phone identity.

For some reason, the names of the apps on the mobile device do not match the names of the apps shown on Google Play.

If these apps are installed and opened, they connect to an external server prepared by the scammers to download MP4 files to play videos. However, in the background, the phone number of the device as well as details including name, phone number, and email address of individuals in the phone’s Contacts are transferred to the same server as well. The apps are able to send the information because permissions were given at the time of installation.
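The mismatch described above, between what a video app can justify and what it requests, can be checked before installation. The following is an added example, not code from Symantec or from the apps themselves: it assumes the app's manifest is available as decoded text XML, and the sample manifest, package name and `EXPECTED_FOR_VIDEO_APP` baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"

# Permissions that expose the data the article says was transferred.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "names, numbers and emails in Contacts",
    "android.permission.READ_PHONE_STATE": "the device's phone number and identity",
}

# Assumption: a video-playing app can justify network access and nothing more.
EXPECTED_FOR_VIDEO_APP = {NETWORK}

# Constructed sample manifest (hypothetical package name).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.gamethemovie">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Example the Movie"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def review(manifest_xml, expected=EXPECTED_FOR_VIDEO_APP):
    """Compare requested permissions against what the app's purpose justifies."""
    perms = requested_permissions(manifest_xml)
    sensitive = sorted(p for p in perms if p in SENSITIVE)
    return {
        "unexpected": sorted(perms - set(expected)),
        "sensitive": sensitive,
        # Private data can leave the device only if the app can both read it
        # and reach the network.
        "can_send_private_data": bool(sensitive) and NETWORK in perms,
    }


if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST)
    for perm in report["sensitive"]:
        print(f"{perm}: exposes {SENSITIVE[perm]}")
    print("can send private data off-device:", report["can_send_private_data"])
```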

The purpose of this attack is not clear; however, a strong assumption is that the scammers are harvesting email addresses and phone numbers to use in their next round of malicious activities, such as email spam scams or calling individuals to attempt to defraud them. The information could also be sold to criminal groups.

Some apps have multiple names in Google Play. All apps appear to have been taken down and are currently unavailable on Google Play.

 
