Android Malware Detected - "Roar of the Pharaoh"
A Chinese again tries to hack android, and this time from behind a game named "The Roar of the Pharaoh". The bug was spotted by a security researcher from Sophos. The game has no security or permission issues while it is installed which lets the Android user believe that it is a non-malicious software and will not harm the system.
But, on the contrary, what the game does is that it collects all the sensitive information from the device and sends it to the authors via an SMS with premium rates, without taking the user's permission. The Trojan sends information like the phonebook entries, SMSs, IMEI number, phone number, OS version etc. Though no cases illegal usage of the users information have been reported yet.
According to the vendor, the malware masquerades as a service called "GameUpdaterService", which sounds like a legitimate name for an application, yet another indication of the social engineering element part of the campaign, next to the actual brand-jacking of a legitimate game’s name.
The application has been detected as an Stinter-A, the mobile phone companies process the money to the authors before the application user gets the bills.Michael Sutton, vice president of security research at cloud-based security provider Zscaler, said "the fake "The Roar of the Pharaoh" app for Android reflects the shift of malware authors to target the Android platform, whether smartphones or tablets. Fake game apps that are really Trojans are increasing and "this is a typical scam for Android now," he added.
The interests of the hackers has now shifted towards the Android phones from computers. The android officials have not spoken anything much about this application, but have warned its users to beware of such malicious applications.
The authors have not been caught yet, and the Chinese Security is still working to put them behind the bars.
Ajit Singh is the newest member of RHA team, He blogs at www.coolestwebsite.tk, If you would like to join our team of authors, Feel free to email at firstname.lastname@example.org