Popularity of Android smartphones in Hong Kong is a real threat, says Symantec
By SMBWorld Asia Editors | Jan 31, 2012
Industry observers cited 2011 as the year mobile malware emerged as a legitimate threat. What does that mean for 2012?
Just days into the New Year Symantec uncovered a fraudulent application on the official Android Market spoofing popular games under the name "Stevens Creek Software". Once installed the Android.Steek app brings the user to a splash screen related to the installed fake app, which asks the user to finish the installation process by clicking on a button. If the user clicks on the button, the Internet browser is opened and the user is redirected to a website advertising an online income solution.
More recently Symantec discovered another new piece of mobile malware that exploits Android users' concerns around the Carrier IQ controversy.
Posing as a Carrier IQ removal tool, Android.Qicsomos targets French smartphone users with a covert premium rate number texting scheme. The authors have found a way around Android's app permission model under certain circumstances: the threat is signed with a certificate that was published as part of the Android Open Source Project (AOSP). This allows the app to be installed on certain devices without having to go through the regular permissions notification screen, a primary defense mechanism against malicious apps.
"Android smart devices are very popular in Hong Kong because of their sleek design and powerful features. The wide availability of free and low-cost apps on the Android Market and relatively easier policy around publishing apps on the portal makes it attractive for malware coders. Consumers should exercise caution when downloading apps and clicking links from unknown sources," said Lawrence Li, systems engineering manager, Symantec Hong Kong.