Symantec discovers Android.Arspam Trojan
Mobile security threat sends out SMS containing a forum link to all names in victims address book
Mobile malware, hacktivism and the Arab Spring have converged in an online security threat called Android.Arspam by Symantec.
Based on Symantec's research, the malicious Trojan was distributed through forums focusing on Middle Eastern issues and used the Android operating system to grow and spread.
"The Middle East has undoubtedly seen a rise in hacktivism and cybercrime in 2011, not only is it an emerging market that has great financial appeal for cybercriminals but the region plays host to an increasingly connected and mobile online community that offers great scope for those looking to exploit these devices to reach a wider audience. The Arab Spring is just one of many trending topics that are attracting a higher volume of online traffic which is essentially where the low hanging fruits lie," said Bulent Teksoz, chief security strategist, Emerging Markets, Symantec.
The Android.Arspam Trojan was embedded into a fake copy of a popular Islamic compass app available on the Android Market. The real version of the app was not affected.
After users install the app, the code goes to work in the background as a service called alArabiyyah. The Trojan randomly picks one link from a list of eighteen and then sends out an SMS message to every contact in the address book of the compromised device, sending them a link to a forum site. According to Symantec, each forum site has identical content and appears to be a tribute to Mohamed Bouaziz.
"In a way, this threat is a testament to the rise of hacktisivm. Attacks like Android.Arspam further offer hacktivists and cybercriminals targeting this region an opportunity to test and develop their methods. It is of crucial importance that individuals and organisations secure themselves across all devices as these ‘gateway' threats become more sophisticated and potentially harmful," said Teksoz.