One of the good things about Android is that it's open source. But on the other hand, that also means it can sometimes be the Wild West out there with exploits sneaking in under the guise of legitimate looking apps. Such is the case as Lookout's official blog has an alert for a Trojan known as "Hong Tou Tou."
Affecting mostly Chinese speaking users and distributed through app markets and forums, the trojan (also known as ADRD) needs additional user permissions before executive a stealthy series of search-related activites while users are oblivious to the activity. The trojan also "phones home" and sends encrypted data containing device IMEI and IMSI to a remote host.
The trojan has been found in over fourteen different Android apps including the popular game RoboDefense, as well as numerous Android wallpaper apps.
Those subscribed to Lookout are already protected, but if users simply disable the installation of apps from "unknown sources," to avoid it. Here's a few other ways to steer clear:
* Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
* Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
* Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
* Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.
[via Lookout Blog]