According to mobile security company Lookout, there is a new version of Android malware in the wild and this one is a little bit different from what has come before.
Known as GGTracker, the application can be downloaded from the mobile browser through an advertisement that brings users to a page that is set up to look like the Android Market. Once a user has downloaded the GGTracker Tracker Trojan it sends SMS messages to premium subscription services that would normally require online registration.
The clever bit in this new malware is the fake Android Market installation screen. Yet, since it is not the actual Android Market, it is doubtful that Google can reach into users phones to automatically disable the Trojan, the way the company did with the DroidDream malware that struck earlier this year. We have contacted Lookout and Google to see if this is a possibility.
Once a user has clicked through to the fake installation page they are prompted to install and application, like a "fake battery optimizer package as t4t.pwower.management and in another a porn app packaged as com.space.sexypic," according to Lookout. Once a user clicks on the download button, the malicious app will direct the user to install the app via Android's download notification.
The app will then ping a server that will register the user to premium SMS subscription services that would normally involve answering questions or a PIN to register for. The app communicates with the malicious server without the users' knowledge.
This malware looks a lot like something users would find on the Web as opposed to a mobile hack and signifies a new approach for malware makers in the mobile realm. It is always a good idea to have some type of security software on your Android device, such as Symantec or Lookout, both of which will scan any download a device makes to discern the intent of the application.