Attackers Using Anime Character to Spread Malicious Android App

ID THREATPOST:00ADF1929BA594845FD3158C054A0C38
Type threatpost
Reporter Michael Mimoso
Modified 2013-04-17T16:31:35


Symantec is warning Android users of a new malicious application posing as a famous Anime character that steals personal contact information stored on the device and sends it to a third party.

The Anaru application is in fact the Android.Maistealer malware, a Trojan designed to steal data such as contact names and email addresses from Android mobile devices. It is now hosted on a third-party marketplace designed to look like Google Play. Symantec researcher Joji Hamada said the app is not available on Google Play. Upon its discovery July 24, the initial infection rate was low, but now that it has a dedicated site from which it’s distributed, a ramp-up is expected.

Users are unaware the application, which features one of the lead characters in a popular 2011 Japanese anime, is malicious. It behaves as promised by allowing the user to manipulate the character Anaru’s body by touching the device screen.

The problem, however, appears much earlier, during installation, when the app asks the user to allow it access to storage, network communication and personal information, Symantec said, adding that such an application would have no need for access to personal information.

The same group is also spreading the Android.Enesoluty data-stealing Trojan via spam messages enticing recipients to download a phone battery-saving application called EnergyHelper1 from another phony marketplace. Symantec said these battery-saving applications are becoming popular among scammers.

“We now know that this criminal group was not just playing around with the Anaru app in July,” Hamada said. “They have been busy developing another app, as well as setting up dedicated sites to imitate legitimate app markets.”