Multi-platform attack site discovered via fake Lookout Android app

Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automates the updating of a batch of other apps.

What piqued their interest was the fact that, once installed, the app could not be found in the Application List, but only in the Downloaded app list, sporting the logo of the mobile security firm Lookout.

Further analysis of its behavior established that the app is capable of harvesting data (SMS and MMS messages, images and videos) from the Android device on which it is installed and sending it to a remote server located in the U.S.

The researchers managed to access the server and discovered messages and videos already stolen from a number of users, as well as the fact that it hosts a malicious website that is capable of dropping malware on the visitors’ machines.

“The Android malware found on Google Play is just a part of the attack,” the researchers warn. “The malicious website is targeting multiple platforms including Windows, Mac and Unix/Linux operating systems. It will drop different Trojan files depending on the user’s operating system.”

Lookout piped up to say that the fake app is in no way related to the company or the Lookout mobile security application. “Although the app does contain a Lookout branded asset, it was not primarily branded as a Lookout-specific update. The only way that a user could confuse the application with Lookout is after installation,” they wrote.

After the researchers notified Google, the app was removed from Google Play, but there is no news on whether the malicious website and the server have been shut down.
