Google’s Android operating system has had its fair share of concerns as of late, with people growing concerned over flaws that have been unearthed at different times, and malware for the OS appearing on the Android Market. While the scale is still small enough to avoid, more crafty people are looking into ways to get their questionable apps on the OS so that they can cause havoc and potentially harvest details.
Google have tried to prevent this happening in the form of ‘Bouncer’, an automated scanner of the Android Market which picks up on malware and removes it. Bouncer came into use early in February, but it does not protect individual phones, nor does it prevent other sites from holding malware infested files. TechCrunch confirms that Sophos anti-virus have picked up on the flaw. The newest example is an application entitled “any_name.apk”; and it’s spreading via the Facebook for Android application.
When downloaded, the application installs without any permissions granted by the user, and the identity of what is being downloaded is also not made clear. This may not be the case assuming a phone maintains its default settings, since Android comes with a toggle against downloads from alternative sources. Many users do disable this though, so that they can download applications from locations such as the XDA Developers forum.
It seems that this APK is intended to call premium rate phone numbers or send them text messages, incurring large charges which can then be picked up by the fraudsters and con-men who operate the numbers, as well as likely having created the app. The app is also evolving quickly: the researcher who found it downloaded it from a different site a few days later, where it was called “allnew.apk”. The newer version worked in the same manner though was coded differently, which would imply that it is being constantly updated.
The malware associates itself with the Opera web browser for Android, including an encrypted configuration file with the dialling numbers for premium rate lines. Google have responded to the news, claiming that an install could not have happened in the manner depicted. According to Google a user would have to permit that the phone installed the application even if it was downloaded without their consent or knowledge. Sophos have not yet commented on this claim. Regardless, it may be worth unchecking the ability to download from other sources when not downloading an app, to help better maintain security.