NQ Mobile researchers recently uncovered new Android malware, called DDSpy, which poses as a Gmail app.
“[The app] will hide in your app list and wait for instructions from a remote server, which will send commands via SMS,” the security firm explains. “When DDSpy receives a command, it will configure the uploading email address and determine what content to steal. Our research shows that it’s capable of uploading the user’s SMS, call log, and vocal records. In addition, it reserves a GPS-uploading interface for future development. Because of this strange activity, we are concerned that it will evolve into more malicious spyware.”
“NQ Mobile’s warning is the latest in a series of alerts on SMS malware, a threat it believes will escalate,” Infosecurity reports. “This malware traditionally makes its money by making unauthorized calls to premium numbers. Now it is evolving into traditional malware, able to receive instructions from a remote server and to exfiltrate data on demand. This means the business model is changing. Unauthorized premium calls can be expensive for the victim; theft of bank details could be disastrous.”
“The malware initiates the recording of phone calls either when it receives the command to do it or when it detects outbound calls, and stores the recordings on the phone’s SD card,” writes Help Net Security’s Zeljka Zorz. “Once a day, all the recorded information is sent to the remote server. The researchers didn’t say where they found the app or whether an attacker must have physical access to the victim’s phone to install it, but it’s safe to say that if you find a Gmail app in your device’s app list and you haven’t put it there, it’s unlikely a good thing.”
“DDSpy joins an impressive list of Android Trojans and other covert cyberweapons that have kept smartphone users on their toes, including Nickispy, DroidDream, DroidKungFu, GGTracker, Foncy and UpdtBot, all of which are capable of harvesting sensitive data from victims’ phones,” writes SecurityNewsDaily’s Matt Liebowitz. “Because Gmail is on every Android installation at the time of purchase, it should, with a little skepticism and common sense, be easy to avoid DDSpy: Ignore any links to suspicious-looking Gmail apps in the Google Play market, and make sure you outfit your phone with mobile anti-virus software.”