New Android Trojan spreads like a worm
Posted on 30.04.2014
A new SMS Trojan with worm-like spreading capabilities has been spotted targeting Russian Android users.

Dubbed "Samsapo," the malware can also extract information (phone numbers, text messages) from the infected device and send it to a remote server, can download additional malicious files from predefined URLs, and can block phone calls and change alarm settings.

The Trojan is difficult to spot - its package is named in a way to make it seem that the software is a system utility app and, once installed, it does not show an icon, and doesn't have a GUI that the user can access by accident.

The method it uses for spreading is still very unusual for Android malware, and takes a leaf from the playbook of Windows-oriented malware peddlers: users get infected when they receive an SMS (apparently sent by a known contact) that says (in Russian): "Is this your photo?" and they download the linked-to malicious APK package.

Once on the target device, the malware continues the infection cycle by sending out the same message to the people whose contact details are stored on it.

"The attacker’s domain that serves as a drop-zone for the Android malware was registered on April 24, 2014," shared ESET researcher Robert Lipovsky. Currently only Russian users are targeted, but this malware has the potential to spread far and wide with only a few tweaks.

Luckily, users can protect themselves from it and from other Android malware by being careful what links they follow and what apps they download, and also by restricting the installation of apps from unknown sources.


Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Jul 30th