‘Battery Upgrade’ malware shows users how to make their phone vulnerable

October 17, 2011
4

Is anybody feeling some 90s nostalgia right about now? It seems like hardly a day goes by where we don't hear about some sneaky new way for hackers and identity thieves to compromise incautious Android users' phones. The latest is a "battery manager" app that not only compromises your data, but gives you a quick lesson on how to open up the "unknown sources" app install method your phone for easy exploitation. Once installed the app steals your phone number, email address, unique IMEI code and other personal information.

The app is going by both "Battery Doctor" and "Battery Upgrade", mimicking popular (and legitimate) apps like Juice Defender and Power Manager. It's being advertised, presumably via paid ads, on real apps like Scrabble right now. That sets a disturbing precedence for normally harmless ad networks, but it should make it pretty easy for administrators to quickly shut down its primary method of distribution. Adding insult to injury, the app places permanent ads in the pull-down notification bar once installed, which almost certainly drains the battery even faster.

We can't say it enough: never download an Android app from a source that you don't completely trust, just like on any operating system. We're huge fans of Android's expandability around here, not to mention frequent users of non-Market apps, but it's an indisputable fact that it's become the primary vector for malicious apps like the recent fake Netflix data miner. Spread the word to your less technically-inclined friends to keep them from becoming digital victims.


Recent Stories

  • Grammar Nazi

    Does the malware also cause those infected to create spelling errors in headlines?

  • http://www.facebook.com/alexandra.murashova Alexandra Murashova

    I used snappii.com to make apps. It’s really easy, the web service allows me to make mobile apps in mintes, and without programming skills at all.

  • Larsoc

    Just got this (no, didn’t install :-P) . The page downloading it initiating the download was started by a notification with a star symbol. So apparently on of the ~140 apps I already have must be bad too. Despite me having the paid version of Lookout…

  • Millydoon

    I have downloaded the app but not installed it. How do I get rid of it ?