With the exception of Mr. Deeds' butler, Emilio, sneaky people need night vision goggles to move around in the dark without being caught. Ironically, some wise-guy cybercriminals seemed to think that a night vision camera application would be a great disguise for an Android SMS Trojan. They were caught anyway.
Discovered by antivirus firm Avast, Camara Vision Nocturna bypassed Google Bouncer and was published on Google Play, remaining there for several days before being removed. The application advertised that it was a night vision camera but was really nothing more than malware with a green filter.
Not even sneaky cybercriminals can remove the telltale signs of malware. Camara Vision Nocturna includes the ominous permissions of an SMS Trojan, most notably the ability to write and send SMS messages on the device. This is why it is important to review an application's permissions before installing anything. Consider what kind of application is being downloaded (in this case a photography application) and avoid downloading applications that request permissions with no relevance to the app's advertised function (this app requests numerous permissions unrelated to the camera).
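The permission review described above can be scripted. This is an added example, not code from Avast or the original article: it reads a decoded AndroidManifest.xml and flags permissions outside what a photography app plausibly needs. The sample manifest, the package name and the per-category baseline are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: permissions a photography app plausibly needs.
EXPECTED = {"photography": {
    "android.permission.CAMERA",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}}

# Permissions that match the SMS Trojan behaviour the article describes.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send SMS, including to premium-rate numbers",
    "android.permission.WRITE_SMS": "can write SMS messages on the device",
    "android.permission.GET_ACCOUNTS": "can list the accounts on the device",
}

# Constructed sample for illustration, not the real app's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.nightcamera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}

def review(manifest_xml, category):
    """List (severity, permission, reason) for permissions outside the baseline."""
    expected = EXPECTED.get(category, set())
    findings = []
    for perm in sorted(requested_permissions(manifest_xml) - expected):
        if perm in HIGH_RISK:
            findings.append(("high", perm, HIGH_RISK[perm]))
        else:
            findings.append(("review", perm, "not in the %s baseline" % category))
    return findings

if __name__ == "__main__":
    for severity, perm, reason in review(SAMPLE_MANIFEST, "photography"):
        print("%-6s %s: %s" % (severity, perm, reason))
```

The manifest inside an APK is stored in a binary format, so it has to be decoded to text XML before this check can read it.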
As soon as this SMS Trojan is installed on a device, it begins its malicious background activity. First, the Trojan steals account details from the infected device; then it begins sending SMS messages to a premium rate SMS number, 797080. The premium SMS number is based in Spain and charges €1.45 per SMS message. The Trojan will continue to send SMS messages to this service to incur the maximum charge of €36.25 per month on the victim's mobile phone bill.
The premium service number belongs to a larger company called Jpa Comunicaciones, which offers subscription-based premium SMS services. It appears that this premium service has been commonly abused in Spain, and there are several forums discussing the erroneous charges that result from this SMS Trojan and others like it. There is a customer support number (No. 902 501 765) as well as a customer support email address (firstname.lastname@example.org). It is never a good sign when a business uses a free-mail address, and emails sent to these addresses rarely receive a response.
If you ever receive an SMS message that you suspect may be from a premium SMS service, you can text STOP to the number to cancel any further messages or potential subscriptions. Google Play security is not infallible, and Android users should be careful to review application permissions before accepting and downloading an app. Keep these tips in mind when using your Android device to avoid SMS Trojans and other Android malware.
- Install and use an Android antivirus application to detect and prevent a malware infection.
- Always stay up to date with application, operating system, and antivirus updates. Updates often include patches to newly discovered security vulnerabilities and keep the device protected against the latest threats.
- Read user reviews and research applications before installing. Look for an application developer's website and social media accounts to establish if the developer is trustworthy.
- Trust your instincts; don't download anything that seems too good to be true.
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA