Updated 4/16/2012 12:26:52 PM ET

A sneaky new Android Trojan is lurking in the Google Play market, posing as a racy adult video that, if installed, harvests batches of your private phone information and sends it to crooks.

The phony app appears to be from Hamnaruka, a legitimate Japanese Android app developer, but it's a front; installing the app won't get you a video of the Japanese girl shown in the app's icon, but instead it will launch a Trojan that siphons your unique Android ID and sends it to a remote server. Another batch of rigged apps with the same devious capabilities comes advertised as a movie preview, with the simple title, "the Movie."

Hidden inside these apps is a Trojan, identified by McAfee as "Android/DougaLeaker.A," that asks permission to read your contact data, access the Internet and read your "phone state and identity." If you grant these permissions, the Trojan will obtain your phone number and contacts list — including each contact's phone number and email address — and ship them off to a remote server in clear text.

This sensitive data could be vital information for crooks, who could exploit it to send barrages of spam or to craft targeted phishing attacks.

McAfee says it has discovered 15 infected apps that appear to come from two developers, Hamnaruka and Tsunakan. These rigged apps have been downloaded by "at least 70,000 users." The apps, McAfee said, have been removed from the Google Play market.

The security firm Symantec has been monitoring the DougaLeaker Trojan, and found it in 29 different Android apps, many of which have "the Movie" in the title, from seven different developers. Symantec suggested that these compromised apps could have been installed nearly 300,000 times.

Android Trojans unfortunately have become a nasty part of Android's smartphone ecosystem, but with some common sense and a skeptic's eye, most smartphone threats can be avoided. Make sure to read the user comments and reviews before you install any app; if the app has received negative reviews or been flagged as corrupt, stay away from it. If an app requests permissions you feel are too invasive or you aren't comfortable giving, don't install the app.

And make sure you run anti-virus software on your smartphone. Just because your computer is in your pocket instead of on your desk doesn't mean you shouldn't protect it the same way.
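The permission check recommended above can be automated for anyone vetting apps in bulk. The following Python is an added example, not code from the original article or from McAfee or Symantec: it flags any app whose manifest pairs the data-reading permissions named in the article with Internet access. It assumes the APK's AndroidManifest.xml has already been decoded to plain-text XML; the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# The two data-reading requests the article names, plus network access.
READS_PRIVATE_DATA = {"android.permission.READ_CONTACTS",
                      "android.permission.READ_PHONE_STATE"}
CAN_SEND = "android.permission.INTERNET"

# Constructed sample manifests (hypothetical package names).
VIDEO_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.themovie">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""
PLAYER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    # The manifest comes from an untrusted APK; a legitimate one carries no
    # DTD, so refuse it rather than risk entity-expansion tricks.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def audit(manifest_xml):
    """Flag apps that can both read private data and reach the network."""
    perms = requested_permissions(manifest_xml)
    reads = sorted(perms & READS_PRIVATE_DATA)
    network = CAN_SEND in perms
    return {"risky": bool(reads) and network, "reads": reads, "network": network}


if __name__ == "__main__":
    for label, manifest in (("video app", VIDEO_APP), ("player app", PLAYER_APP)):
        print(label, audit(manifest))
```

A flagged app is not necessarily malicious; the result marks manifests that deserve a closer look given what the app claims to do.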

© 2012 SecurityNewsDaily. All rights reserved

