The Trojan targets only U.S. smartphone users and reaches them when they click on a malicious in-app advertisement. The website lures users into clicking through to download and install an application; one is a fake battery optimizer called "t4t.pwower.management", and another is a porn app called "com.space.sexypic".
After the application has been installed, GGTracker registers the user for premium subscription services. The Trojan does this by contacting another server in the background and intercepting the crucial confirmation data, so users are charged without their consent or knowledge.
Lookout advises that users can protect themselves from malicious webpages by taking a few precautions:
- After clicking on an advertisement, make sure the page and URL match the website the advertisement claims it’s sending you to.
- Download apps only from trusted sources. Also look at the developer’s name, reviews, and star ratings. If you are supposed to be on the Android Market, check the URL to make sure you are on the Market and have not been redirected to another site.
- Always monitor your phone for any unusual behavior like unusual SMS messages, strange charges on your phone bill or unusual network activity. Check all apps running in the background and investigate any that you think should not be running.
- Avoid installing third-party apps by making sure "unknown sources" is not checked in "application settings" on your Android system.
- Download a mobile security app for your phone that scans every app you download to ensure it’s safe.
More information: Lookout Blog