Security firm Symantec has warned of a new Trojan hidden within an Android game, which secretly uploads GPS user location information to a remote server, allowing another person to monitor the location of the phone without the knowledge of the user.
Dubbed AndroidOS.Tapsnake, the game in which the Trojan is hidden is a variation on the classic “snake” video game. According to its description in the Android Market, “This one listens to the taps for its turn directions”.
Researchers at Symantec picked up on the Trojan when they noticed that the Android “satellite” icon appeared in the top menu bar whenever the game was running. They discovered that the Tapsnake application was uploading GPS data every 15 minutes to an application running on Google’s free App Engine service.
“The silver lining here is that for the application to really be used maliciously, an attacker would need to have access to the phone to install the program,” stated the Symantec blog. “For it to work, an email address and ‘key’ must be typed into the phone running AndroidOS.Tapsnake. This same registration information must later be typed into the phone running GPS Spy.”
The researchers explained that this would probably require a fair amount of social engineering – “something like ‘Hey, let me show you this cool game.’ (Think cheating spouses or keeping tabs on children.)” For this reason, they have concluded that it is not a major threat and probably not widespread. However, the fact that the application is disguised as something it’s not classifies it as a Trojan.
“Our advice for users of smartphones is to be careful of what you install and always check if the application you’re installing is asking for rights it doesn’t really need,” said Symantec.
Mobile security is increasingly becoming a priority, with many companies looking for enterprise-grade security and management for their employees’ smartphones. According to a recent survey by the Ponemon Institute, most respondents believe in the importance of anti-virus and anti-malware on mobile devices, as well as encryption, but are concerned about the cost of prevention methods.
Last week, a reporter at the BBC created a smartphone application which spies on the owner of the device, in an attempt to prove how straightforward it is to create malicious software for mobiles. The malware, disguised as a simple noughts and crosses game, hid under the hood gathering contacts, copying text messages, logging the phone’s location and sending it to a specially set up email address.
Meanwhile, BlackBerry maker Research In Motion is at the centre of a mobile security controversy, after governments in United Arab Emirates, Saudi Arabia and India threatened to block the sending of emails, accessing the Internet, and delivering instant messages to RIM’s Blackberry handsets. The level of encryption that RIM provides prevents security services from monitoring the devices, and the governments claim this a security issue.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
We designed and manufacturered small GPS locator for children and pets. I'd like to know if you are interested in distributing our product. Our GPS tracker is very small size(61 x 34 x 12.5mm) and light-weighted(32 gram or 1.1 ounce), easy to use by GSM SMS commands. If you are interested please don't hesitate contact us. We are able to provide customized tracking device according to your need. Thank you very much for your time!