Android Worm Malware Leaves Victims Wriggling

By James Green ~ May 2nd, 2014 ~ 10:11 AM MST

hats (1)

There are few games more classic than Worms. For nearly 20 years friends have been attempting to destroy each other with a variety of weapons ranging from Homing Pigeons and Miniguns, to exploding Sheep and Holy Hand Grenades (the HHG being homage to the great Monty Python sketch). These worms, these happy worms, have created everlasting memories for millions throughout the years, but while these worms have been exploding for our entertainment a very different kind of worm has been causing havoc on computers and now Android devices.

In late April security firm ESET discovered an Android Trojan which they dubbed Android/Samsapo.A, as it turned out this was not your average Trojan. In addition to an armory of malicious functions Android/Samsapo.A also exhibited worm-like characteristics.

Security researcher Robert Lipovsky describes Android/Samsapo.A as “novel.” In terms of computers (PCs and laptops) worm malware is as old as the day is long, but worm-style malware is not something that is often seen on Android.

A computer worm is malware that will attempt to replicate in order to spread. Traditionally computer worms spread as email attachments or malicious URL links in instant messages. But since Android/Samsapo.A is a worm targeting Android devices, namely smartphones, it exploits the device’s ability to send SMS messages (text messages) to spread to additional victims.

A device infected with Android/Samsapo.A sends a text message to all of the contacts on the device. The message is written in Russian and translates to “Is this your photo?” The text message also includes is a malicious URL that links to the Android/Samsapo.A worm file. If the recipient of the text has the misfortune to click the malicious URL the Android/Samsapo.A threat is automatically downloaded to the device.

Android/Samsapo.A does not place an icon in the application menu and attempts to go unnoticed by impersonating a system application in the settings/application menu. Like real worms this threat prefers to stay hidden, and like our video game worms this threat can cause some serious damage.

The Holy Hand Grenade of Android/Samsapo.A is its ability to download additional files and applications. There is no way to tell what type of malicious function these downloaded files might have and there is a very long list of nefarious possibilities.

The worm-like features of Android/Samsapo.A make this a very unusual Android threat, however it does also display some more common malware characteristics. Among these more common features is premium service fraud. Android/Samsapo.A sends SMS messages to premium SMS phone numbers that will incur additional charges to the mobile phone bill. Android/Samsapo.A is also a substantial privacy threat and steals personal information, phone numbers, and text messages and uploads the stolen infomraiton to a remote server controlled by the malware author.

Android malware is becoming more complex and we are seeing a great deal of PC style threats make the transition to the Android platform. Android/Samsapo.A is another example of the advancement of mobile malware. We expect to see more and more of these type of threats in the future.

Protection Yourself

Virtual security is as much about antivirus software as it is good online habits. It is important to take your own security seriously, be skeptical on the internet. Keep the following tips in mind when using your Android device (or any internet capable device) to keep your personal information safe and secure.

  • Be Skeptical. Always read reviews and research applications and developers before downloading an app. Look for a customer support number/email, and social media account to ensure you have a means to contact the company if you have any problems.
  • Don’t download anything from an untrustworthy source.
  • Stay up-to-date with application and operating system updates. Updates are often designed to make your device more secure and patch newly discovered security vulnerabilities.
  • Install and USE an antivirus application. Antivirus applications help to detect and avoid threats.♦

James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA

One thought on “Android Worm Malware Leaves Victims Wriggling

  1. Pingback: Android Malware Roundup: April 2014

Comments are closed.