Multi-platform attack site discovered via fake Lookout Android app
Posted on 19.10.2012
Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps.

What piqued their interest was the fact that, once installed, the app could not be found in the Application List, but only in the Downloaded app list, and sporting the logo of the mobile security firm Lookout:



Further analysis of its behavior established that the app is capable of harvesting data (SMS and MMS messages, images and videos) from the Android device on which it is installed and send it to a remote server located in the U.S.

The researchers managed to access the server and have discovered messages and videos stolen from a number of users already, as well the fact that it hosts a malicious website that is capable of dropping malware on the visitors' machines.

"The Android malware found on Google Play is just a part of the attack," the researchers warn. "The malicious website is targeting multiple platforms including Windows, Mac and Unix/Linux operating systems. It will drop different Trojan files depending on the userís operating system."

Lookout piped up to say that the fake app is in no way related to the company or the Lookout mobile security application. "Although the app does contain a Lookout branded asset, it was not primarily branded as a Lookout-specific update. The only way that a user could confuse the application with Lookout is after installation," they wrote.

After the researchers notified Google, the app has been removed from Google Play, but there is no news on whether the malicious website and the server have been shut down.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //