• United States



by Taylor Armerding

A malware-induced rapture for mobile devices?

May 25, 20113 mins
AndroidApplication SecurityCloud Security

May 21 didn't turn out to be the end of the world. But it did bring a reminder that the world is an increasingly risky place for mobile devices.

May 21 didn’t turn out to be the end of the world. But it did bring a reminder that the world is an increasingly risky place for mobile devices.

A Trojanized version of a legitimate app, which was set to activate on May 21 and 22, is one more example of the growing malware threat to mobile devices, according to John Harrison, group product manager with Symantec Security Response.

The latest is Android.Smspacem, embedded in pirated versions of the legitimate “Holy (expletive) Bible” app. The Android operating system is one of the most popular platforms for smart phones.

Also see: Your Android’s dirty little secret

Harrison says threats in the mobile space have “gone from nonexistent” to an increasing problem precisely because of the popularity of certain platforms.

“Where there is volume in a platform, there is value to the bad guys,” he says.

According to a Symantec blog, once the threat is installed, it waits for the device to reboot, and then starts a service called “theword.” It then attempts to contact a host service, passing along the device’s phone number and operator code, and also to retrieve commands from a remote location.

These same actions are carried out every 33 minutes. In addition to having abilities to respond to commands through the Internet and SMS, the threat also has activities that are designed to trigger on May 21 and 22.

Also see: Smartphone botnets? New report predicts mobile devices will be part of DDoS attacks

On those dates, the malware began automatically replying to SMS messages sent to infected devices with the following text, mocking the “end-of-the-world” predictions: “Cannot talk right now, the world is about to end.” It then randomly selected one of several other similar predefined messages and sent those to users’ entire contact lists.

It also changed infected devices’ wallpapers to several predefined images, one of them promoting a PAC for faux news anchor Stephen Colbert.

Symantec, the Mountain View, Calif.-based maker of Norton information management and security products, has already provided detection for the threat, known as Android.Smspacem.

But the best way to deal with such threats is to learn to avoid them in the first place.

Harrison says most people are now aware that they should not download any .exe file, but are less savvy when it comes to the newer threats, which in some cases may come from a friend whose device has already been compromised.

To avoid malware on your mobile device:

  • Use only regulated Android marketplaces to download and install apps. “Free isn’t always free,” Harrison says. You may think you’re getting a legitimate app, but there may be something in the background waiting for the next time you log into your bank.”
  • Use an option in your Android OS application settings to stop the installation of non-market applications. On most devices this option is off, by default.
  • Before you download, check user comments, to see if the application is safe.
  • Check the access permissions requested during the installation of any Android applications. If they seem excessive, stop the installation.
  • Finally, “just be a little patient,” Harrison says, advising users not to download an app the first time they hear about it. “Remember, you have as much power, or more, in your pocket as you have on your desktop. And that has very valuable information to bad guys.”