Wednesday, January 11, 2012

New Android Trojan poses as Carrier IQ detection tool

Picture by SecurityNewsDaily
 A very new (and smart) Android trojan is now worming its way on to phones via fake Carrier IQ Detector.

Called "Android.Qicsomos" by Symantec researchers, the Trojan is a version of an open source project designed to detect Carrier IQ, a diagnostic tool built into a host of smartphones from all different carriers. Carrier IQ caused an complete uproar in the tech and smartphone world when a independent researcher discovered that software called Carrier IQ was keylogging text that was entered. While Carrier IQ has said that its software is only used for stats and other technical info for carriers, as well as how users use their phones, it still did not stop the uproar. This even caused Sprint, one of the users of Carrier IQ, to say that they were disabling the software on all of their phones, just a few days after stating that they have been using Carrier IQ for years.

According to researchers, Qicsomos, which is currently affecting French Android customers, hides in an app called "Detecteur de Carrier IQ" and appears on devices with an icon similar to Orange, a major European telecom operator. When the user notices the icon and presses "D├ęsinstaller" (to uninstall Carrier IQ ), the Trojan goes to work: it sends four premium rate text messages, which the smartphone owner is then billed for, then erases itself. If you think that you have been affected by this, it is recommended that you contact your carrier and report the issue, and if necessary, your bank/credit unions.

And if you haven't already know about this, there is numerous anti-virus programs out there for Android users. I recommend using Lookout Security, a free AV app for your phone that is proven effective against malware and is trusted by many Android users.

No comments:

Post a Comment

Note: This is Blogger's comment system. This system is a backup for when Disqus can't be reached by your computer, such as when your network blocks connections to disqus.com. The comment policy still applies regardless.