Android Malware “DDSpy” Pretends to be Gmail, Steals Phone Logs

 

 

New malicious software has been detected on Android devices where a user’s personal information is stolen by a fake Gmail program.

The malware, called DDSpy, acts like a Gmail service in Android gadgets. However, users will not see an icon for DDSpy — it works by hiding in the app list and waiting for commands from a remote server via SMS. These commands include “BOOT_COMPLETED,” “SMS_RECEIVED,” and “PHONE_STATE.”

Once DDSpy is given these commands, the malware can begin uploading the Android user’s SMS records, call log and vocal records. DDSpy is capable of configuring the uploading email address on the device and figuring out what content to steal. It also records calls when it detects outbound calls and when it’s configured by SMS. From there, the recorded files are stored in SDCard/DCIM/.thumbnails/directory.

DDSpy has a default uploading mode coded into it where it sends its collected information to an email address at a certain time each day.

NQ Mobile’s Security Research Center, which discovered DDSpy as a threat, is particularly worried about this malware because it uses a GPS-uploading interface “for future development,” meaning it could turn into a more malicious version at some point.

NQ Mobile Security offered a few tips as to how to avoid getting DDSpy, such as only downloading apps from trusted sources, never accepting apps from unknown sources and keeping an eye on odd behavior.

Source: NQ Mobile Security

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s