CyberCrimeMobile Appsmobile OSMobilitySecuritySecurity Management

Android Malware Poses As Microsoft Word Document

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Android users beware! New malware disguises itself as Word document, but steals messages and other data

Android users face yet another security risk after a new piece of malware was discovered to be targeting the mobile operating system.

The discovery was made by security firm Zscaler, which said the Android malware portrays itself as a Microsoft Word document in an effort to get victims to click on the well-known file icon.

Disguised Malware

Zscaler said that the malicious app is designed to look like a Microsoft Word document and presents itself with an icon resembling Word.

Android users should be on the look for a file that portrays itself as a data file with an icon similar to that used by Microsoft Word documents. The file is entitled ‘资料’ (Data), and it apparently runs with admin access and thus cannot be easily uninstalled.

AndroidmalwareIt places a Word icon on the screen, and as soon as victim tries to start the app by clicking on the Word icon, it comes with the follow error message – “Installation errors, this software is not compatible with the phone”.

The Word icon then disappears from the device screen, leaving the user to think it has disappeared.

But in reality the malware has been installed and behind the scenes it scans the device for SMS messages and other personally identifiable information such as the IMEI number, SIM card number, Device ID, and even the victim’s contact information. All of this valuable information is then sent to the attacker via email.

“We were able to confirm that the campaign was initiated on October 10, 2015 and almost 300+ users had fallen prey to this malware,” said Zscaler. “The attacker was able to successfully retrieve message details and contact lists from the infected users.”

Zscaler recommends that Android users download apps only from official Android stores like the Google Play store.

If a user is infected with this malware, Zscaler said they should follow the steps mentioned in its previous blog about removing malicious Android apps.

Other Malware

Zscaler researchers have been busy of late discovering a number of malware relating to the Android operating system.

In September Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. This app was not available to download from the Android app store but had to be accessed from other sites, and appeared to offer pornographic videos.

But in reality, when it was opened, it secretly took pictures of the user with the phone’s front-facing camera, before the device was locked and displayed a demand for $500 (£330).

And in July Zscaler also discovered a malicious application posing as a popular batter monitoring app from the Google Play Store.

The ‘evil’ app spoofed BatteryBot Pro from Darshan Computing, which costs £2.49, but the rogue version was available for free. Those unfortunate enough to install it, soon discovered that it would use their smartphones to send premium-rate text messages and display pop-up adverts. It also prevented people from deleting the app.

Google subsequently removed the malicious application from the Google Play Store.

What do you know about Internet security? Find out with our quiz!