Jump to content

Trojan GGTracker attacks Android users


Dragonji

Recommended Posts

Lookout Security Firm as identified a new Android Trojan named GGTracker that is downloaded to a user’s phone after visiting a malicious webpage that imitates the Android Market. The Trojan then proceeds to sign up the user to premium SMS services without their knowledge.

 

The Trojan targets only U.S. Smartphone users when they click on a malicious in-app advertisement. The website lures users to click-through to download and install an application one of which is a fake battery optimizer called "t4t.pwower.management", and another is a porn app called "com.space.sexypic".

 

After the application has been installed, GGTracker registers the user for premium subscription services. The Trojan carries out this task by contacting another server in the background where the malicious behavior intercepts crucial confirmation data to charge users without their consent or knowledge.

 

Lookout advises that users can protect themselves from malicious webpage’s by taking a few precautions:

  • After clicking on an advertisement, make sure the page and URL matches the website the advertisement claims it’s sending you to.
  • Download apps only from trusted sources. Also look at the developer’s name, reviews, and star ratings. If you are suppose to be on the Android Market, check the URL to make sure you are on the Market and not redirected to another site.
  • Always monitor your phone for any unusual behavior like unusual SMS messages, strange charges on your phone bill or unusual network activity. Check all apps running in the background and investigate any that you think should not be running.
  • Don’t download any third party apps by making sure "unknown sources" is not check off in "application settings" in your android system.
  • Download a mobile security app for your phone that scans every app you download to ensure its safe.

 

More information: Lookout Blog

 

This post has been promoted to an article

Link to comment
Share on other sites

It seems the application is installed through the "fake" Android Market site. The site asks you if you want to install an application (in one case a battery optimizer and in another a porn app :rolleyes:). Once installed, the virus makes its "job" without user's knowledge.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...