Another malicious Android Trojan has been spotted hiding in a fake Gmail app to spy and steal from those tricked into downloading it.
Discovered by the security firm NQ Mobile, the fake app hides "DDSpy," a piece of malware that, unbeknownst to the phone user, sneaks onto the device and receives commands from a remote server. Those commands, sent via text, include siphoning the victim's call log, text messages and voicemails, data that is sent to the server in an email.
"Because DDSpy is installed into the Android device without your knowledge, you won't see any signs that you've been bugged," NQ Mobile explained. "However, every call you make and every SMS message you send will be recorded in the database to be uploaded in the configured email."
DDSpy also "reserves a GPS-uploading interface for future development," a feature NQ Mobile believes will enable the weapon to "evolve into more malicious spyware."
DDSpy joins an impressive list of Android Trojans and other covert cyberweapons that have kept smartphone users on their toes, including Nickispy, DroidDream, DroidKungFu, GGTracker, Foncy and UpdtBot, all of which are capable of harvesting sensitive data from victims' phones.
Because Gmail is on every Android installation at the time of purchase, it should, with a little skepticism and common sense, be easy to avoid DDSpy: Ignore any links to suspicious-looking Gmail apps in the Google Play market, and make sure you outfit your phone with mobile anti-virus software.