Sophos has warned Android mobile owners that they are now sitting ducks for fervid cybercriminals after finding a Trojan that collects personal data before sending text messages to premium rate phone numbers.
The latest malware detection involves a purported legitimate Chinese game, The Roar of the Pharaoh, but inconspicuously carries a blotted out Trojan called Andr/Stiniter-A.
According to security experts at Sophos, this Trojan is “rather unusual” since it will not request permissions during installation, which should be smoking gun for well-informed, tech-savvy users.
The analyst house reports that the Trojan-carrying version of the mobile app currently circulates on unsanctioned download sites and quite popular, with the authentic Chinese game undistributed on Google Play.
The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan’s authors.
“Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well,” Sophos reported. “Criminals love the free money laundering service provided by mobile phone providers. They can setup premium rate SMS numbers in Europe and Asia with little difficulty. The mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges.”
To add difficulty in detecting the Trojan, it runs as under the name “GameUpdateService”.