With Super Bowl Sunday rapidly approaching, online crooks are suiting up and hitting the field to make some quick cash off football fanatics, especially fans of the Madden video game franchise.
Researchers at Symantec detected a fake version of Madden NFL 12 for Android spreading around the Web. The app spoofs the cover of the real Electronic Arts (EA) app, but those who download it are met with a crushing blow: there is no game.
That's not the bad part. The malicious smartphone app drops a Trojan on users' devices that automatically sends unauthorized text messages to premium-rate numbers in Belgium, Switzerland, Sierra Leone and Romania, among other far-off destinations, running up the victims' phone bills without their knowledge. Symantec identified the Trojan as a variant of the Foncy Trojan family, a known offender.
Once the app is off and running, "it has full control of the device," Symantec said in a blog post, and is able to root the phone, meaning it can attain administrative access to the phone or even completely wipe the phone's operating system.
The hard-hitting action doesn't stop there: in addition to running up victims' phone bills (and blocking them from seeing that their phone has sent any of these premium-rate texts), the Trojan hiding in the malicious Madden app also attempts to connect to a remote server, which can then feed it more nasty commands to execute.
To protect yourself from nasty Trojans like this one, make sure you only download apps from Android's official App Market, and read the user reviews and comments before doing so. Also, make sure you run anti-virus software on your smartphone, which can help tackle Trojans before you get hurt.