Multi-platform attack site discovered via fake Lookout Android app
Posted on 19.10.2012
Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps.

What piqued their interest was the fact that, once installed, the app could not be found in the Application List, but only in the Downloaded app list, and sporting the logo of the mobile security firm Lookout:

Further analysis of its behavior established that the app is capable of harvesting data (SMS and MMS messages, images and videos) from the Android device on which it is installed and send it to a remote server located in the U.S.

The researchers managed to access the server and have discovered messages and videos stolen from a number of users already, as well the fact that it hosts a malicious website that is capable of dropping malware on the visitors' machines.

"The Android malware found on Google Play is just a part of the attack," the researchers warn. "The malicious website is targeting multiple platforms including Windows, Mac and Unix/Linux operating systems. It will drop different Trojan files depending on the userís operating system."

Lookout piped up to say that the fake app is in no way related to the company or the Lookout mobile security application. "Although the app does contain a Lookout branded asset, it was not primarily branded as a Lookout-specific update. The only way that a user could confuse the application with Lookout is after installation," they wrote.

After the researchers notified Google, the app has been removed from Google Play, but there is no news on whether the malicious website and the server have been shut down.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Nov 24th