In the overwhelming majority of cases, mobile Trojans are designed to steal money or information which will ultimately be monetized. But occasionally, there are some out there whose main goal is not to change the contents of users’ accounts or wallets.
Symantec researchers have recently spotted a trojanized Android application intent of download additional apps onto the device and make it send out messages to all the people in the users’ contact list.
The original app is a popular Islamic compass app, and its offered on the official Android Market. The trojanized app is offered only on forums focusing on Middle Eastern issues. The researchers have compared the permissions required by both and found those asked by the malicious app to be more extensive and extremely suspicious.
Once installed and started, the app picks a link from a list eighteen and sends it via SMS to all the contacts in the address book:
The links take the recipients to forum site entries all containing a tribute to Mohamed Bouazizi, a Tunisian street vendor who set himself on fire in protest of his treatment by the hands of municipal officers and whose action sparked the Tunisian Revolution.
“There is an added functionality in the code: if the compromised device reports back the country ISO as BH, which is the country code for the Kingdom of Bahrain, an attempt is made to download a PDF file to the SD Card of the device,” add the researchers. “The PDF file was examined and does not contain any malicious code or exploits. The report itself is a fact-finding inquiry by the Bahrain Independent Commission of Inquiry on allegations of human rights violations.”