News  Android
Android "Infrared X-Ray"

Spams users contacts

Symantec is warning of an app claiming to allow users to see through clothing which in fact contains malware. The app will trawl through the users address book and spam the victims contacts via SMS. Symantec warn:

While the contact data is being stolen and sent to the malware author, the new variants also download and display registration details for a website hosting adult content. The app no longer attempts to turn the camera on like it did previously. Instead, it displays a splash screen for a second or two before displaying a message stating that registration has completed and the victim is asked pay 29,000 yen for the “service”.

To make things even harder, the app removes itself from the launcher once it has completed a run.

F-Secure warned that malware authors are developing more sophisticated attack techniques for mobile devices, using encryption and randomization or hiding malicious code in image files. Malware also was discovered on bootleg copies of the Angry Bird game, the firm said.

Users are tricked into downloading

The message the users contacts receive invites them to download the app via a link, which is how it spreads. Since most users trust their contacts, this results in a faster spread rate than the usual blind email or web link spoof.

Although the app seems limited to Japan so far, it is only a matter of time before similar malware spreads further afield.

Symantec's Hamada said all device owners should refrain from clicking links in emails and SMS messages that aren't expected. Only download apps from trustworthy sources, he said.