After the Geinimi Trojan, another Android Trojan named “HongTouTou” has become a threat to Chinese-speaking Android users, Lookout reported on its official blog. The company has reported fourteen separate instances of this malware. According to Lookout Mobile Security, the Trojan poses a real threat and is being distributed through repackaged versions of other Android apps, including RoboDefense and many wallpaper apps. Also called the ADRD Trojan, the malware requests additional user permissions and appears to run search activity in the background without the user’s knowledge.
When an infected, repackaged version of an app is downloaded, it requests the following unusual permissions:
As soon as the app starts, it sends the device’s IMEI and IMSI to a remote host, which in turn sends HongTouTou a set of search engine target URLs and search keywords to submit as queries. The malware then runs searches using these keywords and clicks on the search results, so that the activity appears to come from the mobile user browsing with a mobile web browser whose User-Agent corresponds to the UCWeb browser (J2ME/UCWEB126.96.36.199). It also processes a command to download an Android Package File and can later control SMS conversations and insert spam into them. Currently only Chinese users are affected, but Lookout gives some security tips to help users stay safe. The company also said that those already using Lookout are protected against this malware.
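One way a defender could look for the behaviour described above in web proxy logs, as an added example that is not from Lookout or the original article: it flags a client that sends an IMEI-like value (15 digits, Luhn-valid) in a URL and presents both an Android User-Agent and the J2ME/UCWEB User-Agent. The log format, hosts, parameter names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample proxy log (client|User-Agent|URL); not real traffic.
# The UCWeb version suffix is omitted; only the "J2ME/UCWEB" prefix is matched.
SAMPLE_LOG = """\
10.0.0.5|Mozilla/5.0 (Linux; U; Android 2.2; zh-cn) AppleWebKit/533.1|http://example.test/news
10.0.0.5|Dalvik/1.2.0 (Linux; U; Android 2.2)|http://c2.example.test/reg?a=490154203237518&b=460001234567890
10.0.0.5|J2ME/UCWEB|http://search.example.test/s?word=keyword
10.0.0.9|Mozilla/5.0 (Linux; U; Android 2.2; zh-cn) AppleWebKit/533.1|http://example.test/item?id=123456789012345
10.0.0.7|J2ME/UCWEB|http://search.example.test/s?word=weather
"""

def luhn_ok(digits):
    """An IMEI is 15 digits whose last digit is a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def suspicious_clients(log_text):
    """Return clients showing all three signals: Android UA, UCWeb UA, IMEI-like value."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, agent, url = line.split("|", 2)
        if "Android" in agent:
            seen[client].add("android_ua")
        if agent.startswith("J2ME/UCWEB"):
            seen[client].add("ucweb_ua")    # J2ME browser UA from an Android device
        for _, value in parse_qsl(urlsplit(url).query):
            if re.fullmatch(r"\d{15}", value) and luhn_ok(value):
                seen[client].add("imei_like")
    wanted = {"android_ua", "ucweb_ua", "imei_like"}
    return sorted(c for c, flags in seen.items() if flags >= wanted)

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A client that only ever presents the J2ME/UCWEB User-Agent (10.0.0.7 in the sample) is treated as a genuine feature phone and is not flagged.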
Lookout Mobile Security is becoming proactive, having also launched the App Genome Project this week, with a main focus on consumer outreach and education. Kristen Nicole’s take on the report delves into alternative marketplace trends, an area of increasing interest for the mobile industry. The App Genome Project analyzed two alternative markets for Android that target Chinese users, where there is a legitimate need for localized apps. It also predicted danger from unregulated app marketplaces, as these can increase the risk of malware reaching users’ phones.
Mobile security was also a hot topic at the RSA Conference 2011. Microsoft’s corporate vice president for trustworthy computing, Scott Charney, proposed that computers should be obligated to present cryptographically signed claims to ISPs about the status of their “health.” He said, “What’s really changed is that as we started thinking more about the identity model, where you pass claims about your identity, we realized a better model is to pass claims about machine health, where the user controls the claims.”