Android malware hiding as Google+ app discovered

Google's Android smartphone and tablet operating system is well known for its various malware threats. Now a new report from Trend Micro has discovered yet another Android malware download that can actually look somewhat like a legitimate app for the Google+ social networking service. In fact the malware shows up with the name Google++ when it is installed.

This malware, which has the name ANDROIDOS_NICKISPY.C, can collect "data such as text messages, call logs, and GPS location from infected devices". That info is then sent to a remote URL address where presumably whomever created the malware collects the data. It can also record phone conversations which is similar to another Android malware threat that was discovered earlier this month. However this new malware threat can also answer incoming calls to the infected smartphone. It addition the malware can also receive commands via simple text messages.

Trend Micro did not reveal where this new Android malware threat comes from. While Google has removed a number of malicious software releases from its Android market in the past, some malware threats come from third party download services as well as shady malware-specific locations.

Trend Micro has posted up a list of things that Android users can try to stop malware threats. Users can properly set up their security settings on their smartphone and also disable connecting to a WiFi router automatically. People should also take a look at the permissions you will have to give for each app they get for their Android phone. Also people should consider blocking your smartphone's access to any online store other than Android Market.

Report a problem with article
Previous Story

Nokia and China Mobile team up to sell Windows Phone devices

Next Story

Rumor: LTE being installed in an Apple store?

43 Comments

Commenting is disabled on this article.

Speaking of lag... my n97 lags by just turning it on.. or answering a phone call.. or... just looking at it makes me lag and cry at the same time. But mostly lag.

My opinion is that Google should test and approve all apps on the Android Marketplace and restrict it like Apple does. However, it should allow approved vendors to maintain their own stores that can be installed safely and continue to allow users to access other content if they specifically enable access to third party stores.

That way casual users will never be able to accidentally install malware, while power users can proceed at their own risk. They should auto-block known malware via remote killswitch, so that even misguided power users will be protected from known malware. The problem is that the Android Marketplace is full of so much shady software that it is damaging people's confidence in the platform.

theyarecomingforyou said,
My opinion is that Google should test and approve all apps on the Android Marketplace and restrict it like Apple does. However, it should allow approved vendors to maintain their own stores that can be installed safely and continue to allow users to access other content if they specifically enable access to third party stores.

That way casual users will never be able to accidentally install malware, while power users can proceed at their own risk. They should auto-block known malware via remote killswitch, so that even misguided power users will be protected from known malware. The problem is that the Android Marketplace is full of so much shady software that it is damaging people's confidence in the platform.

+1...I'm done with android

It's damaging people's confidence in the platform? I dare say it's only damaging people's confidence in the platform if they had very little to start with. Malware is going to happen and the fact that they're getting right on it when it pops up is a good start. I'm sure they're not just sitting idly by either and are working on something to prevent malware more effectively in the future. Eesh.

theyarecomingforyou said,
My opinion is that Google should test and approve all apps on the Android Marketplace and restrict it like Apple does. However, it should allow approved vendors to maintain their own stores that can be installed safely and continue to allow users to access other content if they specifically enable access to third party stores.

That way casual users will never be able to accidentally install malware, while power users can proceed at their own risk. They should auto-block known malware via remote killswitch, so that even misguided power users will be protected from known malware. The problem is that the Android Marketplace is full of so much shady software that it is damaging people's confidence in the platform.

Sadly Android and Google are using the guise of open source and the free software movement; and bought into the insane 'security' myths that many people in the OSS community have about Linux and other OSS projects. They think that because more people can see the code, security and fixes are usually caught. However, because people can easily see the code, all it takes is one person smarter than the person that wrote the code to find a flaw and exploit it.

Its called common sense. Look at the app you're downloading, does it look dodgy? Look at the comments for the app, do they say anything bad about the app? Then last of all look at the permissions its trying to use when you install it, what are they trying to access?
Its not really that difficult to work out.
Obviously apple doesn't have that problem because they have a closed system. You can't really have an open operating system where all of the apps need to be approved before people can install them.

theyarecomingforyou said,
My opinion is that Google should test and approve all apps on the Android Marketplace and restrict it like Apple does.

Pardon, but App Store is not immune. iphone application can have full internet access and other permission.

Magallanes said,

Pardon, but App Store is not immune. iphone application can have full internet access and other permission.

The average consumer does not want to have to deal with crap like that just to download an app for their phone. Android's security sucks plain and simple, and hopefully will destroy itself.

It is pathetic that you have to worry about that crap. The android market is full of garbage apps, and yes android LAGS no matter what you do to it. I have had about 6 high end android phones and all lag and force close and freeze and random reboot etc. That's just the way android is and the only thing you can do about it is move on to another OS

You guys seem to be missing the point here. The majority of people will search for "Google+" and download "Google+". How is the user supposed to know that it's not a virus? It is quite pathetic that you can download a virus from the Android Marketplace. There needs to be serious quality control. This goes for any phone OS. Yes, power users will root, jailbrake and set their phones to developer unlocked, but the rest of the population rely on the Marketplace for apps. The fact that you need an anti-virus is a huge turnoff.

Nexus69 said,
You guys seem to be missing the point here. The majority of people will search for "Google+" and download "Google+". How is the user supposed to know that it's not a virus? It is quite pathetic that you can download a virus from the Android Marketplace. There needs to be serious quality control. This goes for any phone OS. Yes, power users will root, jailbrake and set their phones to developer unlocked, but the rest of the population rely on the Marketplace for apps. The fact that you need an anti-virus is a huge turnoff.

http://news.cnet.com/8301-1009...masquerading-as-google-app/

"Unlike some malware in the past that masqueraded as legitimate apps through Google's Android Market, this particular one must be downloaded by an unsuspecting user from a malicious Web site and then manually installed."

It had to be downloaded outside of the Android Market.

looks like you're so hot in tech sawy that you don't know that regular phone had virus for 10 years or more? My friend catch one, a simple nokia phone with a keyboard for easier texto, nothing wmp, android or else, just plan nokia phone. She catch it by sms. She received a texto, open it to see what it was and blam, phone bricked. The clerk at the store said it happen pretty often these days.

So yeah, android is worst? Go learn some stuff before trying to be an apple fan. Next time, you'll tell us Linux or iOS is better cause windows is so infected...

Nodiaque said,
looks like you're so hot in tech sawy that you don't know that regular phone had virus for 10 years or more? My friend catch one, a simple nokia phone with a keyboard for easier texto, nothing wmp, android or else, just plan nokia phone. She catch it by sms. She received a texto, open it to see what it was and blam, phone bricked. The clerk at the store said it happen pretty often these days.

So yeah, android is worst? Go learn some stuff before trying to be an apple fan. Next time, you'll tell us Linux or iOS is better cause windows is so infected...

Key words here are 10 years ago... Security has changed a lot in the past ten years, and for Android or iOS to be getting infected not ONLY through social engineering is a sad reflection of the ignorance security model in the OS designs.

Microsoft learned their lesson, to the point that a lot of the modern concepts of security and malware were created to attack Windows that also applied to other OSes. Apple and Google need to do more than just mimic the new exploit vectors and concepts that Microsoft gets hit with.

The easiest OS to crack remotely? OS X, the second? Linux. PERIOD.

Go look up how Sony and other were taken offline, it wasn't just their poorly patched and bad versions of Linux or PHP/Apache errors, it was the hackers used an army of botted Linux servers to find the exploits in their servers and networks. (How do you think they were able to easily bot 9000 Linux servers? Cause Linux is so secure? Not so much.)

thenetavenger said,

Key words here are 10 years ago... Security has changed a lot in the past ten years, and for Android or iOS to be getting infected not ONLY through social engineering is a sad reflection of the ignorance security model in the OS designs.

Microsoft learned their lesson, to the point that a lot of the modern concepts of security and malware were created to attack Windows that also applied to other OSes. Apple and Google need to do more than just mimic the new exploit vectors and concepts that Microsoft gets hit with.

The easiest OS to crack remotely? OS X, the second? Linux. PERIOD.

Go look up how Sony and other were taken offline, it wasn't just their poorly patched and bad versions of Linux or PHP/Apache errors, it was the hackers used an army of botted Linux servers to find the exploits in their servers and networks. (How do you think they were able to easily bot 9000 Linux servers? Cause Linux is so secure? Not so much.)

That's funny as I have to have anti-virus software installed on all of the computers in my network, even the Windows 7 machines with the all the modern concepts of security implemented. Why is that? Because any computer, which is what smartphones are you know, are only as secure as the person using it allows it to be. You can't stop a noob from going somewhere they shouldn't and downloading malware and clicking yes to UAC and getting jacked.

Well considering android is aimed at everyone and is pushed to average consumer setting up permissions for each app and all these security settings is stupid as the average person won't know how do it or even care really, so silly for the ppl to say this stuff. The phone should be secured as standard

psionicinversion said,
Well considering android is aimed at everyone and is pushed to average consumer setting up permissions for each app and all these security settings is stupid as the average person won't know how do it or even care really, so silly for the ppl to say this stuff. The phone should be secured as standard

Really, the same newbs that will download anything and infect their PC will do the same to their smartphone, eventually, regardless of OS. Back in the day there was some particularly nasty malware circulating around the original iPhone 2G jailbreak community of apps. Homebrew stuff you downloaded through someone elses homebrew 'market' app.

Oh yeah, and since a ton of iPhone users are jailbroken anyway, how many have OpenSSH/SSH access setup and never knew that you should always change the root password or that someone sitting near them in a restaurant could browse their filesystem?

Android remains as secure, if not moreso, than anything else around.

Don't know how good it is, but I used the Lookout app for my Android phone. It scans everything you install to ensure it isn't any of the know viruses in it's database. It also has other features that backup your data and can locate, or lock your Android phone if stolen.

https://www.mylookout.com/

Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

Go troll someplace else. These apps are not in the Market and if people are dumb enough to install non market apps without knowing whats going on, then its their fault. I run with NO scanner and never had a problems.

And laggy? Earlier devices....yes, not anymore. Maybe next time you should read a little so you know what you are talking about.

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

I have a HTC Desire.. not cutting edge technology anymore by a long shot, and it's not laggy at all.. so I highly doubt the newer devices will lag either.

And "requires" a virus scanner? Just no. A little common sense is a good (and free) substitute to a virus scanner on Android.

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

fail troll attempt

Morden said,

Low end devices are still worthless.

Worthless? Depends on what you do with it. If you just check email and FB, like a lost of people just do, then you dont need a high end device.

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

looks like you're so hot in tech sawy that you don't know that regular phone had virus for 10 years or more? My friend catch one, a simple nokia phone with a keyboard for easier texto, nothing wmp, android or else, just plan nokia phone. She catch it by sms. She received a texto, open it to see what it was and blam, phone bricked. The clerk at the store said it happen pretty often these days.

So yeah, android is worst? Go learn some stuff before trying to be an apple fan. Next time, you'll tell us Linux or iOS is better cause windows is so infected...

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

Go away LOL - You can find anti-virus-ware for Windows Mobile 6.5.x phones too. I mean you need to come with some point other than the one on top of your head.

flexkeyboard said,

Sensitive fandroids around here, but I'll just let Joan points it out that even on dual cores, android still lags. @ http://www.youtube.com/watch?v=xG-ztzykBZA#t=221

Goodluck with your antivirus scanning software tho..

hahaha, typical person who doesnt know WTF they are talking about. The video links to one part of where it specifically lags. I can do that with ANY phone, including the iPhone. Yes, I have seen the iPhone and iTouch lag many of times. So get off your high horse and get a clue.

And what antivirus software? I have none and have no problems. And if you think that Android is the only device with malware/malicious software...then I am wasting my time.

Good luck with being clueless.

(Spork) said,


my dual core evo3d has no lag lol wtf are you talking about

My single core Samsung doesnt either. Typical troll or oblivious Apple fan.

Maybe you should watch the whole video so you can get the full context techbeck, but it'll still spell out the same thing for you. I've only link to the part in the review where Joan complains about the lagginess nature of android for everyone convenience. The Linux kernel is not mobile worthy and so is the heavy underlying nature of Java that android os runs on. Android will run better on faster processors at the cost of battery life and pricing where as other OS like WP7, iOS, WebOS run on a more modern and optimized kernel for the ARM architecture. Thus they are more smoother even on a low end chip, have longer battery life, and cheaper to make compare android 'high-end'. So, before you throw anymore hollow stones, check your android phone's battery first, maybe manually close down a couple background apps to make it faster, oh and run that virus scanner check to see if anyone jacking your info.

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...
Computers require virus scanners, so it's only common sense that with the ever increasing complexity that mobile phones would as well - afterall, malware on a phone could easily rack up a huge bill with premium rate numbers. It's the price that has to be paid for an open software platform like Windows and Android. Apple, on the otherhand, closes off the store, which makes it very much easier to police software.

techbeck said,

Go troll someplace else. These apps are not in the Market and if people are dumb enough to install non market apps without knowing whats going on, then its their fault. I run with NO scanner and never had a problems.

And laggy? Earlier devices....yes, not anymore. Maybe next time you should read a little so you know what you are talking about.

1) Some were in the marketplace, and some STILL are due to how submissions are automated.
2) Yes 'laggy' is an issue, even on new phones. However for older phone users, like last year, this is even more of an issue as they are having to run extra services.
3) So Android is the darling of OSS and free, yet installing Apps MUST BE DONE THROUGH GOOGLE. Really? This is NOT a security solution, it is a duct tape approach to security to compensate for a poorly designed OS model. PERIOD.

Do you realize what you are saying is what people that defended WindowsXP back pre-SP1/SP2 days are almost the exact same words and reasoning, and I would bet you didn't think Microsoft was doing 'well' with security, as THEY even knew they weren't, hence the security revamp that delayed Server 2003.

As for new phones being faster, yes they are, but they are STILL NOT faster than WP7 or even an iPhone due to the lack of base UI GPU acceleration. And this isn't even getting into 3D OpenGL ES on Android is 3 to 4 times slower than DirectX on WP7 on the same hardware.

flexkeyboard said,
Fun owning a phone that requires a virus scanner huh! As if Andy is not already laggy enough, now people gotta get that virus scanner app too. yay...

Phones aren't phones anymore, they're super-mobile computers. Most phones today are faster and more feature rich than 10-15 years ago, so yes super-troll, I don't mind having virus protection on my pocket computer.

flexkeyboard said,
Maybe you should watch the whole video so you can get the full context techbeck, but it'll still spell out the same thing for you. I've only link to the part in the review where Joan complains about the lagginess nature of android for everyone convenience. The Linux kernel is not mobile worthy and so is the heavy underlying nature of Java that android os runs on. Android will run better on faster processors at the cost of battery life and pricing where as other OS like WP7, iOS, WebOS run on a more modern and optimized kernel for the ARM architecture. Thus they are more smoother even on a low end chip, have longer battery life, and cheaper to make compare android 'high-end'. So, before you throw anymore hollow stones, check your android phone's battery first, maybe manually close down a couple background apps to make it faster, oh and run that virus scanner check to see if anyone jacking your info.

I don't need to watch a video.. I have an Android handset in my hand that doesn't lag, and it's not even considered high end anymore. HTC Sense *did* lag a bit but when I rooted and installed stock Android, that lag disappeared.

Does Motorola overlay their own UI? If so, it could be Motorola's UI that's to blame rather than Android itself. Show me the same lag on a Nexus..

My battery lasts almost a full day under heavy use (1-2 hours GPS, lots of web/facebook/email browsing/checking, playing music through my car's speakers).

Task managers are useless on Android because it's so good at task management itself. Suspending a background task has no effect. There are plenty of articles detailing this so I won't bother linking you, just search "Android task killer" and you'll come up with lots of articles explaining why they're useless.

You keep posting about all of your theories - in THEORY Java is a heavy platform and shouldn't run well on a phone, in THEORY the Linux kernel is not mobile worthy - but in practice, it's absolutely fine.

Try using an Android phone instead of watching videos because you're severely misinformed on many points.

flexkeyboard said,

Sensitive fandroids around here, but I'll just let Joan points it out that even on dual cores, android still lags. @ http://www.youtube.com/watch?v=xG-ztzykBZA#t=221

For all of the Fandroids, switch to another platform, either iOS or WP7 for a week, then switch back. It still lags, you have just developed a tolerance for it.

Goodluck with your antivirus scanning software tho..

If this is not coming from the official Android Market, then this is non-issue. If it is, then Google needs to step up their game, or at least encourage people to pay more attention to app permissions before they install.

MS Lose32 said,
If this is not coming from the official Android Market, then this is non-issue. If it is, then Google needs to step up their game, or at least encourage people to pay more attention to app permissions before they install.

I bet you said the SAME exact things about WindowsXP when it was being smacked hard by malware, right?

Android and Google have a lot of problems in this area, and 'closing' the accessing point of software is NOT the answer.

thenetavenger said,

I bet you said the SAME exact things about WindowsXP when it was being smacked hard by malware, right?

Android and Google have a lot of problems in this area, and 'closing' the accessing point of software is NOT the answer.

If a user decides to download malware, install said malware and grant it all the necessary permissions to act like malware then what is the OS manufacturer supposed to do?

The same problem exists on all open platforms.

XerXis said,

If a user decides to download malware, install said malware and grant it all the necessary permissions to act like malware then what is the OS manufacturer supposed to do?

The same problem exists on all open platforms.

Logic. Your post uses it. +1