Google's Android falls victim to its first SMS Trojan

Popular security company Kaspersky Labs has today revealed Google's open source mobile phone system, Android, now has it's first SMS-based trojan.

The trojan, called "Trojan-SMS.AndroidOS.FakePlayer.a", is 13 KB in size and poses as a seemingly legit media player for smartphones running Android. Behind the scenes however, it's an entirely different story Kaspersky Labs says, with the Trojan secretly exploiting the system to send SMS messages to premium rate numbers at a cost to the owner.

The Android platform isn't the first to experience these sorts of SMS Trojans - according to Kaspersky Labs, in fact they're the most widespread class of malware for mobile phones. It's not the first case of Android devices infected either, with the first Android spyware appearing in "isolated" cases in 2009.

“The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers,” Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab wrote today.

"As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform."

Kaspersky Labs is one of many security vendors working on a security solution for Android smartphones, with company officials hoping the first edition will be released early in 2011. In the meantime, the company recommends Android users pay close attention to the services an application requests access to when it's installed.

Report a problem with article
Previous Story

YouTube gets a refreshed 'End of Video' screen

Next Story

Coalition announces its broadband plan for Australia

70 Comments

Commenting is disabled on this article.

For all the people claiming this isn't a trojan because they approved the install, would you consider it a trojan if it claimed on the marketplace details that you could text your friends messages like, "Hey buddy, I just downloaded [Insert current song title] by [Insert artist] and thought you'd really like it."? I can't find any indication of what the app's real name was or what features it claimed to have other than it was a media player of some kind. I don't know what it did, but could it have requested legitimate access to SMS and abused it?

The truth is we don't know anything about it other than an AV company supposedly discovered it. I'd take that with a grain of salt if I were you. After all they have a vested interest in spreading fear,

I know I'd take a GNU/Linux OS over windows any day of the week with regards to security.

Yes, we all know you love Linux. Your nickname makes that clear. And the article has nothing to do with Windows or WinPhone.

Do antivirus companys have an interest in selling antivirus products? Of course. Does that mean we shouldn't take their warnings seriously or assume they're disseminating false information? Of course not.

I'm a Droid owner. I like the platform quite a bit. But, that doesn't mean we should let our love for the platform cloud our judgement into thinking it is impervious to all problems. We also shouldn't blame the user for a problem. We all know how well, "No, you're just holding it wrong" worked for Apple. If there is a problem, learn from it and improve the product.

This wouldnt happen on an iPhone hehe Ok calm down . . . I am eagally awaiting delivery of my android HTC Desire . . . getting rid of my iPhone. Again its social engineering not "technologys" fault.

Sawyer12 said,
This wouldnt happen on an iPhone hehe Ok calm down . . . I am eagally awaiting delivery of my android HTC Desire . . . getting rid of my iPhone. Again its social engineering not "technologys" fault.

Google announced a month ago that they built something into Froyo which allows stuff just like this to be remotely killed by Google if needs be - and everyone criticized Google for it. Where are these people now?

The Teej said,
Google announced a month ago that they built something into Froyo which allows stuff just like this to be remotely killed by Google if needs be - and everyone criticized Google for it. Where are these people now?
Most people were not criticizing Google for having the function, but rather the fan base, the base that always attacks apple over it's power of your phone, yet Apple has never forcibly removed an app from a phone as far as I know..

In the end the function makes sense, Android has it, iOS has it, probably others too, just incase.

Ive had a similar app, my bill was high so I called orange who told me ive been getting texts @ £5 each. I did notice some blank texts but just assumed they were corrupted textts from people I knew, but no they were costing me £5 a go.
They were from anonymous, with no return number and no content.
After speaking to orange they gave me a number to reach the company that was billing, through them I traced another number who then gave me a company name that was billing me (cell serv - enquiries@cellservltd.com).

Ive emailed them and had a response saying they will refund the lot but still not got it back.

I had a few streaming media apps that I was testing and noticed one running a lot, Ive removed them all now and not had any more texts but this is outrageous!

The title is misleading though, and I think Kasperky didn't name thhe app simply because they are probably breaking no law, it will always tell you what the app needs when installing its just that I didn't check - its a loop hole and needs pluging but if Kaspersky named the app Id expect a lawsuit or something from it.

Its not a trojan, its not a virus, its social engineering and requires users to install a app without checking what the app is telling them its going to do - in this case sent request premium rate texts to be sent to the device.

this is who was billing me: http://www.cellservltd.com/

duddut2 said,
Its not a trojan...

WRONG

"A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system."

The fact a user has to click approve doesn't make it any less of a trojan, because at the time they think it's just a media player in this case.

TCLN Ryster said,

WRONG
"A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system."

The fact a user has to click approve doesn't make it any less of a trojan, because at the time they think it's just a media player in this case.

By your own admission this app doesn't meet those requirements. The communication is only outgoing and it doesn't "facilitate access to the system" at all. In fact it can't access any critical system files because it's not running as root. I would not say it's strictly a trojan. Would you also say that wallpaper app was a trojan as well? After all it did send personally identifiable information and wasn't authorised.

I don't honestly think these kinds of apps are anywhere near as destructive as windows trojans which really do cause havoc, The truth is we know very little about it except for what an AV has said, and they are known for embellishment in order that they might sell more of their products.

LoveThePenguin said,

By your own admission this app doesn't meet those requirements. The communication is only outgoing and it doesn't "facilitate access to the system" at all. In fact it can't access any critical system files because it's not running as root. I would not say it's strictly a trojan. Would you also say that wallpaper app was a trojan as well? After all it did send personally identifiable information and wasn't authorised.

I don't honestly think these kinds of apps are anywhere near as destructive as windows trojans which really do cause havoc, The truth is we know very little about it except for what an AV has said, and they are known for embellishment in order that they might sell more of their products.

"Behind the scenes however, it's an entirely different story Kaspersky Labs says, with the Trojan secretly exploiting the system to send SMS messages to premium rate numbers at a cost to the owner."

i wonder what that means then since according to you it doesnt exploit the system... obviously the auther and source got it all wrong or maybe you mean that SMS isnt part of the system? also, somehow i think people will be more upset with extra premium charges and a fresh reboot compared to just having to do a fresh boot of their phone so id say this is more destructive than the trojans you get on your pc that just need a cleaning or 1 hour reboot to fix for free.

Sounds like an apk file you can download somewhere else and not in the Market. If you infect your system with side loading apps thats your fault...

James Brooks said,
Nice that Google can remotely pull any app off of a phone.

I wonder if they have to get a court order for such thing?

Oh really......Nice that Google can invade your phone but it nice...RIGHT!!!!

yardman said,

Oh really......Nice that Google can invade your phone but it nice...RIGHT!!!!


It's not invading if all they're doing is deleting.

yardman said,

Oh really......Nice that Google can invade your phone but it nice...RIGHT!!!!


That's a bit over the top isn't it? They only remove apps that threaten users, and that's a good thing!

As far as Linux is concerned, it is less vulnerable as compared to windows.
Trojans are something which don't alter system stuff hence root permission is not required. They can be run at user level and leak data.
Google should implement some feature such that only after the approval of the phone owner the apps will be executed.
This way the owner will know what is there in his device and at the same time solve such problems without need of any AVs, etc.

iTech7.com said,

Google should implement some feature such that only after the approval of the phone owner the apps will be executed.

I had a similar idea, except that I think app developers should be ranked by how trusted they are. Like VIP, Trusted, Reliable, Not Ranked, Distrusted etc. Or something like that, perhaps based on popularity/user feedback.

LoveThePenguin said,

I had a similar idea, except that I think app developers should be ranked by how trusted they are. Like VIP, Trusted, Reliable, Not Ranked, Distrusted etc. Or something like that, perhaps based on popularity/user feedback.

I'd definately like that. Honestly, the Android market needs a lot of improvements. They can trumpet 100,000 apps all they want, but it doesn't mean much if you can't separate the 99,000 that are garbage from the 1,000 you might want to use.

Trong, I'm with you. I am very suspicious of AV companies, whose profits depend on malware being constantly updated.

Symbian's been vulnerable to stuff like this for years.

Harry Barracuda said,
Trong, I'm with you. I am very suspicious of AV companies, whose profits depend on malware being constantly updated.

Some conspiricists believe that most of these proof of concept apps are being written by the AV companies themselves to scare users into buying their products. It's not as far fetched as it seems.

Surly they just need to remove it from the Market no? This is where the ability to remove apps from peoples phones would be a benefit.

SK[ said,]Surly they just need to remove it from the Market no? This is where the ability to remove apps from peoples phones would be a benefit.

But the same people complaining about how Android is getting attacked are the same people who complained when Google showed that it can remotely delete apps !

Julius Caro said,

+1 the title is a mess.


Agreed, although it needs to be there. Otherwise, it'll be just "Google's Android falls victim to a Trojan". It's not the first, I'm 99% sure that a background app was collecting user data a little bit back and submitting it to China.

This title is god awful. Makes it sound like the trojan is being snuck in by SMS.

Now why won't Kaspersky release the name of the application so someone can start investigating it? Is the app even on the market? If this is an app that can only be sideloaded, I'm willing to bet that Kaspersky wrote it themselves.

Trong said,
This title is god awful. Makes it sound like the trojan is being snuck in by SMS.

Now why won't Kaspersky release the name of the application so someone can start investigating it? Is the app even on the market? If this is an app that can only be sideloaded, I'm willing to bet that Kaspersky wrote it themselves.

If you really believe that's the case, find the app and prove it came from within Kapersky before you make any accusations like that.

NightmarE D said,

If you really believe that's the case, find the app and prove it came from within Kapersky before you make any accusations like that.


Did you choose to ignore the rest of the comment before that? There is no info on the app. Even if I wanted to, which I do, I have nowhere to start looking. Kasperksy only released the security codename, but not the app's name itself.


If you want to question me about that, why don't you go find the app and prove that it exists at all?

Trong said,
Now why won't Kaspersky release the name of the application so someone can start investigating it?

Scaremongering plain and simple. They want other platforms to adopt the bloated virus/malware/rootkit triumvirate, but the fact is only windows and other MS platforms suffer from these maladies.

LoveThePenguin said,

Scaremongering plain and simple. They want other platforms to adopt the bloated virus/malware/rootkit triumvirate, but the fact is only windows and other MS platforms suffer from these maladies.

While I agree Kaspersky would probably be quite interested in getting people to buy antivirus programs for Android, the idea that only Microsoft is able to get a virus is insane. You can love Tux the penguin all you want. Just try not to be so fanatical about Linux that it distorts your perception of reality. Android is gaining a huge user base, and as such, has sparked the interest of technological hoodlums.

NightmarE D said,

If you really believe that's the case, find the app and prove it came from within Kapersky before you make any accusations like that.

Ah, the " AV developers write the viruses" myth/urban legend. Do you really think that an AV company would do something that stupid, it would ruin their reputation!!?!

Sorry, but this is a load of crap. It's an application which sends text messages to premium numbers.

When you install any application, it states what permissions it needs, and this one will list that it will want to send text messages which could cost you money.

It's exactly the same as any other app. In fact, I have an application about a cinema ticket scheme my phone carrier provides and that sends a premium rate number a sms.

giggsey said,
Sorry, but this is a load of crap. It's an application which sends text messages to premium numbers.

When you install any application, it states what permissions it needs, and this one will list that it will want to send text messages which could cost you money.

It's exactly the same as any other app. In fact, I have an application about a cinema ticket scheme my phone carrier provides and that sends a premium rate number a sms.


ITS A TROJAN. It's made to get around things..obviously it was embedded into the app which was most likely made by a 3rd party person in which when you download it it start to take its action the "permission" part isn't going to read what the trojan does.

flashnuke said,

ITS A TROJAN. It's made to get around things..obviously it was embedded into the app which was most likely made by a 3rd party person in which when you download it it start to take its action the "permission" part isn't going to read what the trojan does.

When an Android application is made, it has to define what permissions it needs in a file. The contents of this file are read and presented to the user before it can be installed, meaning the user will see what permissions it requires.

If there is a permission that is not listed in that file, it can not use that resource. So unless the app defines that it will send text messages in the permission file, it doesn't get access to the API elements which do this.

So it has nothing to do with it being a 'TROJAN', it's an application that states it needs permission to send text messages when it is installed, and the user stupidly clicks 'Install'. Nothing more.

(Also, "IT'S")

giggsey said,

When an Android application is made, it has to define what permissions it needs in a file. The contents of this file are read and presented to the user before it can be installed, meaning the user will see what permissions it requires.

If there is a permission that is not listed in that file, it can not use that resource. So unless the app defines that it will send text messages in the permission file, it doesn't get access to the API elements which do this.

So it has nothing to do with it being a 'TROJAN', it's an application that states it needs permission to send text messages when it is installed, and the user stupidly clicks 'Install'. Nothing more.

(Also, "IT'S")


ye because there is no chance for anything getting around that security in android is there

giggsey said,
Sorry, but this is a load of crap. It's an application which sends text messages to premium numbers.

When you install any application, it states what permissions it needs, and this one will list that it will want to send text messages which could cost you money.

It's exactly the same as any other app. In fact, I have an application about a cinema ticket scheme my phone carrier provides and that sends a premium rate number a sms.


I'm sorry, but your message is a load of crap

This IS a trojan... want the definition? Sure, here you are...

"A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system."
Source: http://en.wikipedia.org/wiki/Trojan_horse_(computing)

This Trojan masquerades as a media player, all the while sending text messasges. A clear example of a Trojan if I ever saw one.

The fact it relies on a user not reading the install screen and clicking the ok button doesn't make it any less of a trojan. Does the fact that most windows malware requires the user to click Yes on a security prompt make it not malware? No.

TCLN Ryster said,

I'm sorry, but your message is a load of crap

This IS a trojan... want the definition? Sure, here you are...

"A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system."
Source: http://en.wikipedia.org/wiki/Trojan_horse_(computing)

This Trojan masquerades as a media player, all the while sending text messasges. A clear example of a Trojan if I ever saw one.

The fact it relies on a user not reading the install screen and clicking the ok button doesn't make it any less of a trojan. Does the fact that most windows malware requires the user to click Yes on a security prompt make it not malware? No.

Yes, but a Windows installer doesn't tell you what permissions the application will need/use.

giggsey said,

Yes, but a Windows installer doesn't tell you what permissions the application will need/use.


That isn't the point. The point is the person who made the APP got around the security and thus it caused a problem. No one knows what the actual APP is to even verify that when you download it it tells you that it will send text messages, because I highly doubt the person who made the app would want people to know. lmao

flashnuke said,

That isn't the point. The point is the person who made the APP got around the security and thus it caused a problem. No one knows what the actual APP is to even verify that when you download it it tells you that it will send text messages, because I highly doubt the person who made the app would want people to know. lmao

If it's sending text messages without asking permission, then yes, that's a bug, and a very major one at that. I'm presuming that the permission stuff for the apps is secure, and that this is a social engineering 'attack'.

giggsey said,

If it's sending text messages without asking permission, then yes, that's a bug, and a very major one at that. I'm presuming that the permission stuff for the apps is secure, and that this is a social engineering 'attack'.


Secure to a degree. That is why I am glad ATT blocks 3rd party apps so if I decide to get an android phone i'll have a slightly less chance of this, tho I would make sure I read any permission grants before I were to install any apps because the last thing I need is a 4million dollar phone bill.

flashnuke said,

That isn't the point. The point is the person who made the APP got around the security

The app doesn't get around the security. The user is told which permissions it requires before installing, therefore the security works. If the user than goes ahead and installs it anyway, well it's the users fault. It's infinitely more secure than windows, that's for sure; does windows tell you what API features an app uses before you install it? I think not, you'd have to use some kind of disassembler/debugger tool for that.

I guess the success of the android platform blows a hole in the security in obscurity argument used by most MS fb's. Where are all the viruses, malware, rootkits etc? It seems windows will always be their primary target because of its ignominious security. No matter how successful GNU/Linux or iOS is, viruses will never be the bane that it is in windows, no matter how much the haters would like it to be the case.

LoveThePenguin said,

The app doesn't get around the security. The user is told which permissions it requires before installing, therefore the security works. If the user than goes ahead and installs it anyway, well it's the users fault. It's infinitely more secure than windows, that's for sure; does windows tell you what API features an app uses before you install it? I think not, you'd have to use some kind of disassembler/debugger tool for that.

I guess the success of the android platform blows a hole in the security in obscurity argument used by most MS fb's. Where are all the viruses, malware, rootkits etc? It seems windows will always be their primary target because of its ignominious security. No matter how successful GNU/Linux or iOS is, viruses will never be the bane that it is in windows, no matter how much the haters would like it to be the case.

Now correct me if I am wrong but you're saying it's the person(s) fault who downloaded the app because they didn't read that installing the app would cause them to get text messages they may not want? Maybe you're missing my point. MAYBE it didn't say that it would happen you know being it was a TROJAN .. last time i checked trojans don't just come out and say hey I am coming aboard you're computer and this is what I am going to do.

LoveThePenguin said,

The app doesn't get around the security. The user is told which permissions it requires before installing, therefore the security works. If the user than goes ahead and installs it anyway, well it's the users fault. It's infinitely more secure than windows, that's for sure; does windows tell you what API features an app uses before you install it? I think not, you'd have to use some kind of disassembler/debugger tool for that.

I guess the success of the android platform blows a hole in the security in obscurity argument used by most MS fb's. Where are all the viruses, malware, rootkits etc? It seems windows will always be their primary target because of its ignominious security. No matter how successful GNU/Linux or iOS is, viruses will never be the bane that it is in windows, no matter how much the haters would like it to be the case.

The double standard is hilarious. Regardless of platform, the majority of malware infections is due to the user. It doesn't matter that Android tells you what an app needs to function. What matters is stupid people click "Yes" or "Allow" to any dialog box that pops up without reading it. It's malware, and now we're shown that Linux isn't anymore secure than any other OS.

flashnuke said,
Now correct me if I am wrong but you're saying it's the person(s) fault who downloaded the app because they didn't read that installing the app would cause them to get text messages they may not want?

Yes

Maybe you're missing my point. MAYBE it didn't say that it would happen you know being it was a TROJAN .. last time i checked trojans don't just come out and say hey I am coming aboard you're computer and this is what I am going to do.

If an app tries to use certain functions in Android, it has to declare the permissions in a file which can't be changed at runtime. The permissions are retrieved from the file and displayed to the user at install time.

In this case, the app describes itself as a media player but also requests permission to send SMS', in which case the user can either reject (why would a media player need SMS permission?) or accept.

The bottom line is it doesn't get around security, the app displays the requested permissions to the user at install time and the user says yes, go ahead and install a media player which for some reason wants sms permission. Unless it uses an exploit, the app can't download and install trojon components.

Clear?

If not, go look up the permissions model of Android.

al1uk said,

Yes

If an app tries to use certain functions in Android, it has to declare the permissions in a file which can't be changed at runtime. The permissions are retrieved from the file and displayed to the user at install time.

In this case, the app describes itself as a media player but also requests permission to send SMS', in which case the user can either reject (why would a media player need SMS permission?) or accept.

The bottom line is it doesn't get around security, the app displays the requested permissions to the user at install time and the user says yes, go ahead and install a media player which for some reason wants sms permission. Unless it uses an exploit, the app can't download and install trojon components.

Clear?

If not, go look up the permissions model of Android.

and what if the feature list says the media player can send song titles via sms to your friends. now the permission list confirms you send sms messages and its true purpose for the request is hidden. its like clicking a popup textbox in IE that says, click ok to view this site, when in fact it is causing software to be installed. by what your saying, the app would have asked for the permission which claimed to be for one thing, and did something else. by definition thats a trojan

If this wan't a trojan because the users had the option not to install it, then a horse filled with Greek soldiers was not a Trojan horse because the people of Troy had the option to not bring it into their city.

ILikeTobacco said,

and what if the feature list says the media player can send song titles via sms to your friends. now the permission list confirms you send sms messages and its true purpose for the request is hidden. its like clicking a popup textbox in IE that says, click ok to view this site, when in fact it is causing software to be installed. by what your saying, the app would have asked for the permission which claimed to be for one thing, and did something else. by definition thats a trojan


Finally someone who isn't completely dumb founded.. IDC what the company requires you to do when making an app for android phones as i said before and will say again the person could have set it to say it does one thing and it does a complete opposite thing thats what trojans can tend to do. Oh and btw READ THE FIRST PARAGRAPH "The trojan, called "Trojan-SMS.AndroidOS.FakePlayer.a", is 13 KB in size and poses as a seemingly legit media player for smartphones running Android. Behind the scenes however, it's an entirely different story Kaspersky Labs says, with the Trojan secretly exploiting the system to send SMS messages to premium rate numbers at a cost to the owner." Maybe you forgot that fast what it had sad when scrolling down to reply

Edited by flashnuke, Aug 11 2010, 1:44am :

Firethorne said,
If this wan't a trojan because the users had the option not to install it, then a horse filled with Greek soldiers was not a Trojan horse because the people of Troy had the option to not bring it into their city.

I apologise in advance for my pedantry, but Priam, the trojan king made the retrospectively unwise decision to take the supposed offering to apollo into the city of troy, the people had no say in the matter. Irrespective of this, the analogy is flawed, because the king had no prior knowledge of the composition or function of it, whereas the android application security model dictates that the install must declare the features which it uses, and therefore permits the user to makes an informed decision.

LoveThePenguin said,

I apologise in advance for my pedantry, but Priam, the trojan king made the retrospectively unwise decision to take the supposed offering to apollo into the city of troy, the people had no say in the matter. Irrespective of this, the analogy is flawed, because the king had no prior knowledge of the composition or function of it, whereas the android application security model dictates that the install must declare the features which it uses, and therefore permits the user to makes an informed decision.

His analogy was funny yet not comparable to the situation but the fact of the matter is the file was disguised as a media player but when it got onto your phone the trojan went at it's job, so all in all we have no proof that the app said when installing "this will send you text messages" because i'll say it once more I doubt the person who made the app would make it so blatant. And not ALL apps make you click a yes or no box stating with the app does, I have a friend who has the evo 4 and he even told me so.

Panda X said,
I would hate to see the day when there's an anti-malware application for your phone.

there is.

just look around

Panda X said,
I would hate to see the day when there's an anti-malware application for your phone.

Like Ci7 already mentioned, there's a few already in the Android Market. I use Lookout myself even though I make sure to check what the app requests to use before installing anything. I like its back-up and the feature to remotely locate your phone more than anything though.

Panda X said,
I would hate to see the day when there's an anti-malware application for your phone.

Kasperksy itself, has a mobile protection for Windows Phones.

Jose_49 said,

Kasperksy itself, has a mobile protection for Windows Phones.

My windows smartphone 2003 had anti-virus, think it was trend micro.

Jose_49 said,

Kasperksy itself, has a mobile protection for Windows Phones.

The key there is 'Windows' phones. MS OS's lose market share, and look, a new scare story to frighten users into buying bloated anti-virus software for android. I may be cynical but this does seem like much ado about nothing.

Omen1393 said,
Well I think this is one of the first times Linux is being targeted by malware writers since android is linux based.
Didn't you see how fast Android's market share is growing? 200K phones per day worldwide, according to Google's CEO. That's the reason malware writers will now target Android. Google needs to get ready for some action now, just like Microsoft has had to since Windows 95.

Omen1393 said,
Well I think this is one of the first times Linux is being targeted by malware writers since android is linux based.
It's far from the first time. And wont be the last.

Omen1393 said,
Well I think this is one of the first times Linux is being targeted by malware writers since android is linux based.

The malware can only have an impact on Android but not any other standard Linux distributions (even if we disregard the architectural differences). The userspace for Android is just too different from standard desktop Linux distributions.

x-byte said,
It's far from the first time. And wont be the last.

True. We don't know since when there's been a virus for that OS. They may be in the wild, but their chances on finding one is very scarce. That's why we can't always rely on news, when it says the "first sms trojan", it may be true, or may not. We don't own the Internet and we don't have complete monitor of it. I do believe that there are different kind of viruses which have been developed, and are roaming all over the Internet silently. We just need to wait for the news to pop out and say, such as this one.

Omen1393 said,
Well I think this is one of the first times Linux is being targeted by malware writers since android is linux based.

Not really. This is most likely a java app, not a native one. And it wont run on GNU/Linux distros like Ubuntu etc. In addition, this information is coming from an AV company which neglected to mention the app name or the details of it. If I was to guess, i'd say they're trying to sell more of their products by fearmongering.