Android users face yet another security risk after a new piece of malware was discovered to be targeting the mobile operating system.

The discovery was made by security firm Zscaler, which said the Android malware portrays itself as a Microsoft Word document in an effort to get victims to click on the well-known file icon.

Disguised Malware

Zscaler said that the malicious app is designed to look like a Microsoft Word document and presents itself with an icon resembling Word.

Android users should be on the look for a file that portrays itself as a data file with an icon similar to that used by Microsoft Word documents. The file is entitled ‘资料’ (Data), and it apparently runs with admin access and thus cannot be easily uninstalled.

It places a Word icon on the screen, and as soon as victim tries to start the app by clicking on the Word icon, it comes with the follow error message – “Installation errors, this software is not compatible with the phone”.

The Word icon then disappears from the device screen, leaving the user to think it has disappeared.

But in reality the malware has been installed and behind the scenes it scans the device for SMS messages and other personally identifiable information such as the IMEI number, SIM card number, Device ID, and even the victim’s contact information. All of this valuable information is then sent to the attacker via email.

“We were able to confirm that the campaign was initiated on October 10, 2015 and almost 300+ users had fallen prey to this malware,” said Zscaler. “The attacker was able to successfully retrieve message details and contact lists from the infected users.”

Zscaler recommends that Android users download apps only from official Android stores like the Google Play store.

If a user is infected with this malware, Zscaler said they should follow the steps mentioned in its previous blog about removing malicious Android apps.

Other Malware

Zscaler researchers have been busy of late discovering a number of malware relating to the Android operating system.

In September Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. This app was not available to download from the Android app store but had to be accessed from other sites, and appeared to offer pornographic videos.

But in reality, when it was opened, it secretly took pictures of the user with the phone’s front-facing camera, before the device was locked and displayed a demand for $500 (£330).

And in July Zscaler also discovered a malicious application posing as a popular batter monitoring app from the Google Play Store.

The ‘evil’ app spoofed BatteryBot Pro from Darshan Computing, which costs £2.49, but the rogue version was available for free. Those unfortunate enough to install it, soon discovered that it would use their smartphones to send premium-rate text messages and display pop-up adverts. It also prevented people from deleting the app.

Google subsequently removed the malicious application from the Google Play Store.

What do you know about Internet security? Find out with our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago