By
updated 3/14/2011 2:14:10 PM ET 2011-03-14T18:14:10

Two sneaky spyware apps have been found on Android smartphones in the U.S., while yet another Trojan has been turned up in pirated apps sold in unauthorized online stores in China.

All are capable of harvesting users’ calls and messages, as well as secretly racking up huge texting bills.

The security firm NetQin Mobile this past week identified two spyware programs mainly found in the U.S., “SW.SecurePhone” and “SW.Qieting.”

SW.SecurePhone runs in the background of Android devices, collecting data from the phone’s SecureData memory card — including text messages, call logs, the phone’s GPS location and saved pictures. The stolen data is uploaded to a remote server every 20 minutes.

The other spyware program, SW.Qieting, forwards users’ text messages to the perpetrator’s own phone without the victim’s knowledge.

The security firm Symantec has discovered a Trojan dubbed “Android.Pjapps” that embeds itself in pirated Chinese-language versions of popular Android apps, such as Steamy Window. It functions similarly to SW.Qieting.

Both SW.Qieting and Android.Pjapps generate big bucks for mobile hackers because victims are charged premium text message rates for each text they (unknowingly) send -- and the hackers are paid commissions by the cellular service. Android.Pjapps even blocks alerts to users who’ve exceeded their monthly text-message limit.

Pirated versions of legitimate Android apps, modified to deliver malware, have been cropping up for several months on third-party online app stores in China. What’s unusual about SW.SecurePhone and SW.Qieting is that they’ve also been found in the U.S.

Suspicious apps can be removed from Android devices by opening the Google Android menu, selecting Applications under the Settings icon, clicking Manage Applications, and then selecting the application and clicking Uninstall.

To avoid falling victim to sneaky Android apps, security experts advise users to only download apps from trusted sources — never from unauthorized app stores — and to carefully review what permissions each app asks its users to grant.

 

 

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments