Russian virus researchers at Dr. Web have detected a new Trojan, “Android.Spy.40.origin”, that spreads to Android devices through SMS spam. The message contains a link that, when clicked, executes an APK file.
Once installed on the device, the Trojan hides inbound text messages from the recipient and forwards them to a server, from which the Trojan also receives orders. The Trojan also uploads the contact list to the server, removes installed apps, sends text messages from the infected device, and blocks outbound calls.
Thus far Android.Spy.40.origin has escaped detection by antivirus software by exploiting an Android vulnerability. The file format specification for ZIP files has a ‘General purpose bit flag’ in the archive header. Once the bit is set, the files in the archive are treated as encrypted or password protected. By taking advantage of this part of the specification, the Trojan can exploit a vulnerability in Android.
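A defender-side check for the flag described above, as an added example that is not code from Dr. Web or the original article: it lists archive entries whose general purpose bit flag (bit 0 in the ZIP specification) marks them as encrypted, in either the central directory or the local file header. It assumes a legitimate APK never carries encrypted entries; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # bit 0 of the ZIP general purpose bit flag


def encrypted_flag_entries(data: bytes):
    """Return (name, set_in_central_dir, set_in_local_header) for every entry
    whose general purpose bit flag claims the entry is encrypted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # flag_bits comes from the central directory
            central = bool(info.flag_bits & ENCRYPTED)
            # Local file header layout: signature(4) version(2) flags(2) ...
            sig, _ver, lflags = struct.unpack_from("<4sHH", data, info.header_offset)
            local = sig == b"PK\x03\x04" and bool(lflags & ENCRYPTED)
            if central or local:
                findings.append((info.filename, central, local))
    return findings


def constructed_sample(flagged: bool) -> bytes:
    """Constructed test archive (not a real APK) with one stored entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed placeholder, not bytecode")
    data = bytearray(buf.getvalue())
    if flagged:
        # The flag field sits 8 bytes into the central directory header.
        data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    for label, flagged in (("clean", False), ("flagged", True)):
        hits = encrypted_flag_entries(constructed_sample(flagged))
        print(label, "->", hits or "no encrypted-flag entries")
```

A scanner that skips entries it believes are encrypted can report each hit from this check as suspicious instead of silently passing the file.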
So far Android.Spy.40.origin has been mostly confined to South Korea and other parts of Asia. That doesn’t mean it can’t spread. And the real threat here is that, until Android issues a patch, other malicious software can use this Android vulnerability in the future.