McAfee researchers recently uncovered new Android malware in several Japanese-language applications in the official Google Play market.
"When the application is about to be installed, two suspicious permissions -- read contact data and read phone state and identity -- are requested," McAfee's Carlos Castillo wrote in a blog post. "Neither is needed for the principal purpose of the application, which is to display a video from the Internet."
Instead, Castillo says, the malware acquires the device's Android ID, phone number and full contact list (including all names, telephone numbers and e-mail addresses), then sends the data to a remote server in clear text.
"As the data is being harvested, the app displays a 'loading' message," notes PCMag.com's Mark Hachman. "If the app is successful at harvesting the data, the video will play; otherwise, an error message is generated, McAfee said."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The McAfee post says the company has so far found 15 of the malicious apps, from two developers, and that they've been downloaded by at least 70,000 people," writes CNET News' Edward Moyer. "All those apps, however, have now been removed from Google Play. McAfee says its Mobile Security product detects the threats as Android/DougaLeaker.A, and that Google Play users should check to be sure apps aren't requesting inappropriate permissions."
"The good news is that the researcher was tipped off by sketchy permissions requested by the app, so checking permissions of apps from the Play Store (as many diligent users do) is still a good way to protect yourself," notes Android Community's Michael Crider. "The bad news is that Google’s much-lauded Bouncer protection system seems to have failed, possibly because the apps send the information in plain text. In security terms, it’s the digital equivalent of robbing a 7-11 in broad daylight."