YOU ARE AT:WirelessNew trojan for Android: GGTracker

New trojan for Android: GGTracker

Our friends over at Lookout Mobile Security have identified a new trojan for Android – GGtracker. For anyone who is not familiar with the term ‘Trojan’ the clue is in the name – software that looks like something nice and safe to install and then it does lots of nasty things when you are not looking.

The “nasty things” that this particular trojan does it to sign the user up to a number of premium rate SMS services – which could lead to significant and unexpected charges.

In this instance the damage is done, initially, via an in-app ad. If the user clicks on this add they are directed to a page which deliberately looks like the Android market.

The user is then tempted to install an app from this fake market – either a battery saver app or a porn app. Once the app download has started, the user is presented with a new dialogue which prompts them to install via the download notification.

Now the user is caught, because the app proceeds to contact a server which merrily subscribes you to a number of premium rate SMS services without you even being aware of what has happened.  These services usually require some user interaction to activate them, such as answering a number of questions, but these users need not worry themselves with such trivialities.  The attacker’s server will happily answer all these questions on the user’s behalf and the first thing they will know about it is when their mobile bill doubles overnight.

So, how on earth can us Android users be safe?

First of all – don’t panic.  Android is, in general, a very safe operating system and with a few simple safeguards you can remain entirely untouched by the nasty underbelly of the smartphone world.

  1. Use common sense.  If a link sends you somewhere other than the expected destination then back off.
  2. Only get apps from trusted sources.  If you can get it from the official market, then do so  otherwise make sure the source is reputable.
  3. Keep a lookout for unusual activity on your phone. At this point you are probably already compromised, but the sooner you realise and take action, the greater the damage limitation will be.
  4. Install a decent mobile security app. Obviously Lookout is on option – but there are others. AVG, a popular desktop anti virus, also do an Android virus/malware checker.

The particular advantage to getting a security app is not just protection from this threat, but also future ones.

ABOUT AUTHOR