Multi-platform attack site discovered via fake Lookout Android app
Posted on 19.10.2012
Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automates the updating of a batch of other apps.

What piqued their interest was the fact that, once installed, the app could not be found in the Application List, but only in the Downloaded app list, where it sported the logo of the mobile security firm Lookout.

Further analysis of its behavior established that the app is capable of harvesting data (SMS and MMS messages, images and videos) from the Android device on which it is installed and sending it to a remote server located in the U.S.

The researchers managed to access the server and discovered messages and videos already stolen from a number of users, as well as the fact that it hosts a malicious website that is capable of dropping malware on the visitors' machines.

"The Android malware found on Google Play is just a part of the attack," the researchers warn. "The malicious website is targeting multiple platforms including Windows, Mac and Unix/Linux operating systems. It will drop different Trojan files depending on the user's operating system."

Lookout piped up to say that the fake app is in no way related to the company or the Lookout mobile security application. "Although the app does contain a Lookout branded asset, it was not primarily branded as a Lookout-specific update. The only way that a user could confuse the application with Lookout is after installation," they wrote.

After the researchers notified Google, the app was removed from Google Play, but there is no news on whether the malicious website and the server have been shut down.

