Following on from my previous post, here is more on the fake Lookout app that was discovered on Google Play:
TrustGo Security Labs: Advanced Malware Found on Google Play
New Threat Disguises Itself As Popular Mobile Security App
Santa Clara, Calif., October 17, 2012 – TrustGo Mobile Inc. (TrustGo), a leading mobile security company, today announced TrustGo Security Labs discovered a new and dangerous virus on the world’s leading Android app marketplace, Google Play. The malicious code was hidden within an app named “Updates” by developer Good Byte Labs (Package name: com.updateszxt) and was designed to look like an update to the Lookout™ mobile security application.
Dubbed Trojan!FakeLookout.A by TrustGo Security Labs, the malicious app steals user SMS/MMS messages and video files, as well as all the files on the user’s SD card and transmits them to a remote FTP server operated by the malware maker. With these functions, the virus has the potential to cause significant privacy breaches and to expose all the sensitive personal and business data on users’ devices to malicious actors.
The new malware is significant in that it hides its presence on the infected user’s device by removing itself from the device’s full Application List, leaving only a false and misleading icon in the Downloaded Apps list that uses the familiar logo of Lookout, and the name, “Updates.” The offending app was first seen on October 15, 2012 and positively identified as malicious just 36 hours later. TrustGo immediately notified Google of this new virus and confirms that the infected app has been removed from Google Play, limiting the infection to a small number of users. TrustGo has also alerted other app marketplaces that have been found to contain the threat.
FakeLookout.A indicates a new approach being attempted by malware makers. The virus-containing app sent its stolen data to a domain hosted in Thornton, Colorado that also hosts a malicious website. The site contains a Trojan file that targets multiple platforms including Windows, Mac and Unix/Linux operating systems. This malicious program is able to drop different Trojan files, depending on the user’s operating system.
“The brazen use of a trusted app’s logo shows just how aggressive malware makers are becoming,” said Xuyang Li, CEO of TrustGo. “These fake apps not only put users’ data and privacy at risk, they can damage the reputation of respected developers. TrustGo continually monitors new apps uploaded to more than 185 marketplaces worldwide and is able to provide App Certification and Brand Protection services that alert developers when malicious clones and apps that falsely use their logos have been found.”
TrustGo’s SAFE App Reputation cloud services are updated immediately when new threats are discovered. Users of TrustGo’s free Antivirus app are automatically protected from Trojan!FakeLookout.A and thousands of other malicious and risky apps. For a detailed description of this new virus visit http://blog.trustgo.com/fakelookout.
Quick Tips for Securing Your Android Device
Download TrustGo Antivirus™ app so you can:
Check the security of every app before downloading with TrustGo Secure App Finder Engine (SAFE)
Scan malware in real time to ensure that new apps you’re downloading are not malware, malicious clones or compromised by High Risk behaviors
Browse the web securely as TrustGo will notify you instantly when a site you’re browsing is malicious or part of a phishing scheme.
TrustGo Services for Developers
Track and monitor “Tip,” “Cheat,” “Fan Apps” and other apps that use the developer’s brand names, app names, logos and descriptions
Identify and report malicious clone apps, re-packaged apps with malware or adware additions, cloaking schemes using developer branding, user registration re-directs, etc.
Assist in the removal of offending apps on global marketplaces.
About TrustGo Mobile Inc.
TrustGo Mobile Inc. (TrustGo), a leading mobile security company, provides users a simple way to keep their devices safe. TrustGo’s total security and management solution provides advanced cloud-based protection for smartphones and tablets. It gives users greater freedom and control in their mobile lives through a comprehensive approach to security. In addition to real-time protection from malicious apps, websites, privacy breaches, theft and identity leaks, TrustGo also offers robust mobile device management (MDM) and secure app discovery features. TrustGo was founded by web security veterans in 2011 and is headquartered in Santa Clara, California. TrustGo is available now on Google Play. For more information, please visit www.trustgo.com.