GPS Tracking Trojan Hidden In Android App

Security firm Symantec has warned of a new Trojan hidden within an Android game, which secretly uploads GPS user location information to a remote server, allowing another person to monitor the location of the phone without the knowledge of the user.

Dubbed AndroidOS.Tapsnake, the game in which the Trojan is hidden is a variation on the classic “snake” video game. According to its description in the Android Market, “This one listens to the taps for its turn directions”.

Location regularly updated

Researchers at Symantec picked up on the Trojan when they noticed that the Android “satellite” icon appeared in the top menu bar whenever the game was running. They discovered that the Tapsnake application was uploading GPS data every 15 minutes to an application running on Google’s free App Engine service.

This data can then be downloaded to a separate Android device, via a paid-for application called “GPS Spy”, which displays the data as location points in Google Maps. The person monitoring the compromised phone can also view the date and time of the specific points uploaded by the Trojan. This can paint a clear picture of where the Tapsnake user has been over the last 24 hours.

“The silver lining here is that for the application to really be used maliciously, an attacker would need to have access to the phone to install the program,” stated the Symantec blog. “For it to work, an email address and ‘key’ must be typed into the phone running AndroidOS.Tapsnake. This same registration information must later be typed into the phone running GPS Spy.”

The researchers explained that this would probably require a fair amount of social engineering – “something like ‘Hey, let me show you this cool game.’ (Think cheating spouses or keeping tabs on children.)” For this reason, they have concluded that it is not a major threat and probably not widespread. However, the fact that the application is disguised as something it’s not classifies it as a Trojan.

“Our advice for users of smartphones is to be careful of what you install and always check if the application you’re installing is asking for rights it doesn’t really need,” said Symantec.

Mobile security

Mobile security is increasingly becoming a priority, with many companies looking for enterprise-grade security and management for their employees’ smartphones. According to a recent survey by the Ponemon Institute, most respondents believe in the importance of anti-virus and anti-malware on mobile devices, as well as encryption, but are concerned about the cost of prevention methods.

Last week, a reporter at the BBC created a smartphone application which spies on the owner of the device, in an attempt to prove how straightforward it is to create malicious software for mobiles. The malware, disguised as a simple noughts and crosses game, hid under the hood gathering contacts, copying text messages, logging the phone’s location and sending it to a specially set up email address.

Meanwhile, BlackBerry maker Research In Motion is at the centre of a mobile security controversy, after governments in United Arab Emirates, Saudi Arabia and India threatened to block the sending of emails, accessing the Internet, and delivering instant messages to RIM’s Blackberry handsets. The level of encryption that RIM provides prevents security services from monitoring the devices, and the governments claim this a security issue.

Sophie Curtis

View Comments

  • We designed and manufacturered small GPS locator for children and pets. I'd like to know if you are interested in distributing our product. Our GPS tracker is very small size(61 x 34 x 12.5mm) and light-weighted(32 gram or 1.1 ounce), easy to use by GSM SMS commands. If you are interested please don't hesitate contact us. We are able to provide customized tracking device according to your need. Thank you very much for your time!

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

20 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

22 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

1 day ago