Android malware masquerading as a legitimate app or game being offered on online app stores is not a rare occurrence, but purposefully destructive malware that does not ask for ransom is.
Dr. Web researchers have recently analyzed a new Android Trojan that falls in the category they call “vandal programs.”
Detected as Android.Elite.1.origin, the Trojan impersonates a game that combines Rovio’s popular Angry Birds and Hasbro’s Transformers franchises and is to be released later this month.
The malware creators seem to have used graphic elements from the game’s official site to make the app seem legitimate.
Once the fake app is launched, it asks the user to grant it access to the device’s administrative features – ostensibly to work as it should, but actually to be able to perform the following destructive and disruptive actions:
- Format the device’s SD card and, therefore, delete all content on it
- Block access to the WhatsApp Messenger, Facebook, Hangouts and the standard Android SMS applications by showing a graphic containing the Android logo equipped with the Guy Fawkes mask and a gun, and the message “Obey or Be Hacked.”
“To further hamper the usage of mobile communication tools, the malware hides all notifications about new incoming SMS. At the same time, received messages are saved in the Inbox folder which is actually unavailable because access to the messenger is blocked,” the researchers explained.
Finally, an SMS message saying “Elite has hacked you. Obey or be hacked” is sent to every contact in the device’s address book and every valid phone number from which an SMS is received.
These messages are sent repeatedly to all these numbers every five seconds, so the mobile account associated with the compromised device can be depleted in minutes or even seconds, the researchers warned.
Unfortunately, it’s not known how the Trojan spreads. I checked Apple’s and Google’s official app stores, and there is no sign of it (well, not in this current incarnation).
The researchers got the malware sample from a public online service. It is possible that the app is offered for download on third-party online app stores, but it could also be propagated via spam messages. The latter method seems more likely if the malware creators wanted to hit specific targets.
In any case, it’s always a good idea to be careful when downloading and installing software on your mobile device. Stick to reputable stores, check whether the publisher of the app is the correct one, be critical of the permissions the app asks for, and be especially careful when downloading widely popular apps, as their reputation and popularity are often misused by malware developers.
And, if you get a spam message or a message from a friend, don’t install the linked app blindly, without first checking whether it’s malicious.
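One way to act on the advice about permissions, as an added example that is not from Dr. Web or the original article: a small triage script that reads a decoded AndroidManifest.xml and flags a "game" that combines a device-administrator receiver with SMS and contacts access. The sample manifest and package name are constructed, and the permission set is an assumption about what such behaviour would need, not the analyzed sample's actual manifest.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical fake game.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Permissions assumed relevant to the behaviour the article describes.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS at the owner's cost",
    "android.permission.RECEIVE_SMS": "can receive incoming SMS",
    "android.permission.READ_CONTACTS": "can read the address book",
}

def triage_manifest(xml_text):
    """Return findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    findings = [f"{p}: {why}" for p, why in RISKY.items() if p in requested]
    for rec in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rec.iter("action")}
        if (rec.get(NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append("device-admin receiver: " + rec.get(NS + "name", "?"))
    return findings

def looks_like_vandal(xml_text):
    """True when device admin is combined with SMS sending and contacts."""
    found = triage_manifest(xml_text)
    needed = ("device-admin", "android.permission.SEND_SMS",
              "android.permission.READ_CONTACTS")
    return all(any(f.startswith(n) for f in found) for n in needed)

if __name__ == "__main__":
    print("suspicious:", looks_like_vandal(SAMPLE_MANIFEST))
```

The script expects the manifest already decoded to text XML; the binary manifest inside an APK has to be converted first with a tool of your choice.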