There’s been a lot of news in the last few months about Trojans and other malware aimed at Android devices, and with millions of new phones and tablets being sold every week, that’s not likely to change any time soon. Security software vendor Symantec has identified the latest Trojan to gain a major foothold, called “Android.Arspam”. The Trojan imitates a legitimate app in the Android Market designed to aid Islamic prayers with a compass pointing towards Mecca, and has found its way onto an increasing number of Middle Eastern Android phones.
The app’s distribution method is particularly sinister: once installed, it sends out SMS links to every number in the user’s contact list, directing them to a forum. Surprisingly, it isn’t instructing users to download more copies of itself, instead displaying a tribute to Tunisian protest martyr Mohamed Bouazizi. That makes the Trojan app more like “hacktivism” than true malware, but it’s still performing actions on the user’s phone without his or her permission, and potentially racking up considerable texting charges.
The app must be downloaded from the Internet and installed via Android’s 3rd-party app function, like almost all Android malware to date. The original compass app, which can still be found in the Android Market, is unaffiliated and (as far as we know) safe. While more and more anti-virus and anti-malware products are being made available to Android users, the best way to protect yourself is still to use extreme caution when installing third-party applications. Copied or pirated apps have proven to be some of the most dangerous – don’t copy that floppy, kiddos.