Just a few weeks ago, we reported that Android had yet again been hit by new malware that records phone calls and presumably uploads them to a remote server. Malware and viruses plaguing the Android platform are not the least bit surprising; in fact, the matter has only gotten worse over time. And now another piece of malware threatens the Android platform. So if you are an Android user, it's highly recommended that you read on.
As you all know, Google's new social network Google+ is currently one of the hottest topics around. This new malware is made to capitalize on the current popularity of Google+: it disguises itself as the official app of the social network and lists itself under the name Google++. With such a name, users could easily mistake the malware for the official Google+ app; it even uses the same icon.
This malware is actually a variant of ANDROIDOS_NICKISPY.A and ANDROIDOS_NICKISPY.B, which are malware that can record phone conversations and send them to a remote location, as we stated above. The name of the malware as detected by Trend Micro products is ANDROIDOS_NICKISPY.C.
So what does this malware do to affected users? Like most malware, this one is capable of stealing and collecting data from affected devices in the form of SMS text messages, call logs and GPS locations. The stolen data are then uploaded to a certain URL through port 2018. As a variant of ANDROIDOS_NICKISPY.A and ANDROIDOS_NICKISPY.B, it can also record phone conversations and upload them to a remote server. But ANDROIDOS_NICKISPY.C is somewhat worse because it can also answer incoming phone calls.
Like other ANDROIDOS_NICKISPY variants, ANDROIDOS_NICKISPY.C also has the capability to record phone calls made from infected devices. What makes this particular variant different is that it has the capability to automatically answer incoming calls.
The code of the malware suggests that after a certain set of criteria is met, it would be able to answer incoming phone calls without the user's knowledge. The malware places the phone into silent mode to prevent the user from hearing the incoming phone calls. It also has the ability to hide the dial pad and set any screen to display the home page.
While this is indeed a sinister piece of malware, fortunately it is not that widespread yet, since it has not been made available on the Android Market as of now. It instead attaches itself to the devices of unsuspecting users through a website.
If you have somehow been affected by this malware, make sure that you uninstall the Google++ app right away. By doing so you should be able to rid yourself of the malicious content. Just be extra careful with your Internet activities and refrain from clicking unknown links or navigating shady-looking websites. Most of the time, common sense is your best weapon in preventing these sorts of malicious services. If you are an Android user and want a free security suite for your device, then do yourself a favor and install Lookout Mobile Security. You might also want to educate yourself on the current state of mobile malware by checking out this infographic.
[Source: MalwareBlog, via TechCrunch]