McAfee researchers recently came across a new Android Trojan embedded in a pirated copy of rapper Jay-Z's "Magna Carta Holy Grail" app.
While the malicious app appears to have the same functionality as the legitimate app, the malware sends information to a remote server whenever the phone restarts, and tries to download and install additional packages.
"The only visible indication that a user is infected comes via a time-based trigger that is set to activate on July 4, Independence Day in the United States," writes McAfee's Irfan Asrar. "On that day, the malware will replace the wallpaper on the infected device with an altered image ... of President Obama that comments on recent events in the United States. Based on the political message and the fact that it was embedded in an app that coincides with the release of Jay Z’s latest album, we suspect the Trojan was recently introduced into the wild."
At that point, the malware also starts running a service called NSAListenever.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The image and the service name NSAListener suggest a hacktivist agenda, but we haven’t ruled out the possibility that additional malware may target financial transactions or other data," Asrar writes.