Writing in a blog, Sophos security researcher a "malicious application" that "gathers sensitive information" about the Android device it lands on, collecting personal information and technical details, including phone number, and "sends it off to the malware's authors."
IN THE NEWS:
"Like many other mobile Trojans, this one sends SMS messages to premium rate SMS numbers and is capable of reading your SMSs as well," Wisniewski says in his blog.
He points out that SMS scams work because "the mobile phone companies provide the payment processing and the bad guys have their money and are long gone before you ever receive the phone bill with the fraudulent charges."
Sophos has identified the Android Trojan as Andr/Stiniter-A, and says it doesn't ask for specific permissions during installation. "The Roar of the Pharaoh" is a legitimate Chinese game , though the Android app for it is not believed to be distributed on Google's site called Google Play (formerly Android Marketplace).
Michael Sutton, vice president of security research at cloud-based security provider Zscaler, said the fake "The Roar of the Pharaoh" app for Android reflects the shift of malware authors to target the Android platform, whether or tablets. Fake game apps that are really Trojans are increasing and "this is a typical scam for Android now," he says.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
in Network World's Wide Area Network section.