New malicious software has been detected on Android devices where a user’s personal information is stolen by a fake Gmail program.
The malware, called DDSpy, acts like a Gmail service in Android gadgets. However, users will not see an icon for DDSpy — it works by hiding in the app list and waiting for commands from a remote server via SMS. These commands include “BOOT_COMPLETED,” “SMS_RECEIVED,” and “PHONE_STATE.”
Once DDSpy is given these commands, the malware can begin uploading the Android user’s SMS records, call log and vocal records. DDSpy is capable of configuring the uploading email address on the device and figuring out what content to steal. It also records calls when it detects outbound calls and when it’s configured by SMS. From there, the recorded files are stored in SDCard/DCIM/.thumbnails/directory.
DDSpy has a default uploading mode coded into it where it sends its collected information to an email address at a certain time each day.
NQ Mobile’s Security Research Center, which discovered DDSpy as a threat, is particularly worried about this malware because it uses a GPS-uploading interface “for future development,” meaning it could turn into a more malicious version at some point.
NQ Mobile Security offered a few tips as to how to avoid getting DDSpy, such as only downloading apps from trusted sources, never accepting apps from unknown sources and keeping an eye on odd behavior.
Source: NQ Mobile Security