If you’re an Android user, there’s a good chance that you’ve caught a headline or two warning about the latest piece of malware targeting the mobile OS, and are now considering downloading a security app to add another layer of protection to your device.
Should this be the case, just make sure that you don’t inadvertently download malware masquerading as a mobile security application in the process.
Researchers at both Kaspersky Lab and Webroot recently found that a security app named “Android Security Suite Premium” was anything but what the name implied, as it adhered to the demands of its villainous command & control (C&C) server.
Such commands usually entailed stealing incoming SMS messages – possibly along with other system information – and relaying that information back to the attackers.
In analyzing six samples of the bogus security app, Kaspersky Lab discovered 6 different C&C domains encoded within them, one of which had been registered with the same fake data as ZeuS C&C domains.
It is for this reason that the “Android Security Suite Premium” app has earned title as the latest variant of ZitMo (short for ‘Zeus in the Mobile’) trojans.
Kaspersky Lab did not disclose where they had retrieved their APK samples; however, researchers over at Webroot found the Android Security Suite Premium app lurking in torrents and/or third-party Android markets.
So, if you’re on the hunt for a legitimate mobile security app, it is suggested that you:
- Download the app from the official Google Play store.
- Check the developer name, number of downloads and most important of all, user reviews.
It is worth noting that majority of PC antivirus vendors also offer a mobile security solution, so it may be best to do a little research before searching the Google Play store so you can verify the company’s Google Play developer name, app permissions and the like.
Screenshot Credit: Kaspersky Lab