Homepage Sophos newsroom
Register as BUSINESS Register as PR AGENCY Register as JOURNALIST

Android malware authors take a crack at the Japanese market

Announcement posted by Sophos 10 Sep 2012

Blog post by Paul Ducklin, Sophos

Informally, our statistics put countries like Russia, China and the USA at the top of the charts when it comes to being the target of Android malware.

Whether it's leeching data from your phone, tricking you into sending pricy SMSes, or some other money-making scam, malware targeting Japanese speakers has been very rare so far.

For every 1000 dodgy Android apps targeting Russian speakers, we've seen about one app aimed at Japan.

But that doesn't mean if you're in Japan you can let your guard down.

With some commentators suggesting that Android has now bagged a whopping two-thirds share of the Japanese smartphone market, it's reasonable to assume that the crooks will spread their wings.

Today, for example, we looked at a pair of data-stealing Trojans, almost certainly produced at the same time by the same group of scammers, each targeting its own part of the Japanese market. Sophos detects these Trojans as Andr/Loozfon-A.

One is obviously aimed at blokes, offering - who would ever have imagined it? - free porn; the other was apparently originally delivered by a website offering job opportunities to young women.

Both malware samples steal the same stuff, using the same Java code, and upload it to the same website, hosted in Taiwan. The crooks are after your phone number, your IMEI (unique phone identifier) and your address book. Once they've harvested your contact list, it's a good bet that your friends will start getting messages trying to suck them into the same cycle.

(Naked Security readers often ask us, "How do phone spammers get my number? I've never published it openly or used it online. Only my friends know it." Of course, it only takes one mistake by one person amongst your friends to lose or leak the number of everyone in your coterie.)

The blokey Trojan asks whether you're over 18 or not. If you say you are under 18 then the crooks thoughtfully shield you from the porn, though they help themselves to your data either way.

The other Trojan variant simply asks you Will you win???, and then shows you a brief countdown before giving you the news - hardly unexpected at this stage in the story - that Unfortunately, you missed out.

Not exactly ground-breaking malware, and easily avoided if you stick to Google's official app marketplace, the Play Store, or keep your wits about you, or both.

But don't be complacent. Even if you live in a region, or speak a language, that has largely been left alone by Android malware authors so far, don't assume this state of affairs will continue for ever.

There's plenty of money to be made dishonestly, and plenty of data to be grabbed unlawfully, from mobile phone users. And, sadly, where there's a will, there's a way.

You could also consider running security software on your Android device - and, yes, Sophos just happens to have a freebie for you.

It's in the Play Store. Simply head there and search for "Sophos". No registration, no password, no email address.