GPS Tracking Trojan Hidden In Android App

Security firm Symantec has warned of a new Trojan hidden within an Android game, which secretly uploads GPS user location information to a remote server, allowing another person to monitor the location of the phone without the knowledge of the user.

Dubbed AndroidOS.Tapsnake, the game in which the Trojan is hidden is a variation on the classic “snake” video game. According to its description in the Android Market, “This one listens to the taps for its turn directions”.

Location regularly updated

Researchers at Symantec picked up on the Trojan when they noticed that the Android “satellite” icon appeared in the top menu bar whenever the game was running. They discovered that the Tapsnake application was uploading GPS data every 15 minutes to an application running on Google’s free App Engine service.

This data can then be downloaded to a separate Android device, via a paid-for application called “GPS Spy”, which displays the data as location points in Google Maps. The person monitoring the compromised phone can also view the date and time of the specific points uploaded by the Trojan. This can paint a clear picture of where the Tapsnake user has been over the last 24 hours.

“The silver lining here is that for the application to really be used maliciously, an attacker would need to have access to the phone to install the program,” stated the Symantec blog. “For it to work, an email address and ‘key’ must be typed into the phone running AndroidOS.Tapsnake. This same registration information must later be typed into the phone running GPS Spy.”

The researchers explained that this would probably require a fair amount of social engineering – “something like ‘Hey, let me show you this cool game.’ (Think cheating spouses or keeping tabs on children.)” For this reason, they have concluded that it is not a major threat and probably not widespread. However, the fact that the application is disguised as something it’s not classifies it as a Trojan.

“Our advice for users of smartphones is to be careful of what you install and always check if the application you’re installing is asking for rights it doesn’t really need,” said Symantec.

Mobile security

Mobile security is increasingly becoming a priority, with many companies looking for enterprise-grade security and management for their employees’ smartphones. According to a recent survey by the Ponemon Institute, most respondents believe in the importance of anti-virus and anti-malware on mobile devices, as well as encryption, but are concerned about the cost of prevention methods.

Last week, a reporter at the BBC created a smartphone application which spies on the owner of the device, in an attempt to prove how straightforward it is to create malicious software for mobiles. The malware, disguised as a simple noughts and crosses game, hid under the hood gathering contacts, copying text messages, logging the phone’s location and sending it to a specially set up email address.

Meanwhile, BlackBerry maker Research In Motion is at the centre of a mobile security controversy, after governments in United Arab Emirates, Saudi Arabia and India threatened to block the sending of emails, accessing the Internet, and delivering instant messages to RIM’s Blackberry handsets. The level of encryption that RIM provides prevents security services from monitoring the devices, and the governments claim this a security issue.

Sophie Curtis

View Comments

  • We designed and manufacturered small GPS locator for children and pets. I'd like to know if you are interested in distributing our product. Our GPS tracker is very small size(61 x 34 x 12.5mm) and light-weighted(32 gram or 1.1 ounce), easy to use by GSM SMS commands. If you are interested please don't hesitate contact us. We are able to provide customized tracking device according to your need. Thank you very much for your time!

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago