Nickispy.C Poses As Google Plus App On Unsuspecting Users' Androids
As the Android mobile OS becomes more popular, it also becomes the target of more and more spyware, malware, and antivirus attacks. This time a strain of the Nickispy trojan virus is taking advantage of the rise in popularity of Google Plus by using it’s name and icons. It calls itself Google++ and it’s got nothing but bad up its sleeve.
Among Nickispy.C’s tricks are these nefarious acts of darkness:
- Scrape call logs
- Scrape text messages
- Record GPS position information
- Record phone calls
It then can send all of this information to a remote site. The bad news doesn’t stop there. It also has the ability to answer calls on its own while masking it so the user doesn’t suspect a thing. Add to this the ability for an attacker to actually listen in on calls in real time and it’s enough to creep anyone out.
According to TrendMicro who detail what you can do should you find an infection (also duly credited for the image directly above):
This Android spyware automatically executes upon boot-up and runs certain services that monitor SMS, calls, and location.
When executed, it does several routines such as gathering the GPS location, recording calls made in the infected phone, and stealing messages in the inbox and outbox.It sends the information it gathers to a remote site using port 2018.
This spyware may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
It bears the file icons of certain applications to avoid easy detection and consequent removal.
There is some good news though. For one, we’re not sure if the malware has made it into the Android Market of if it’s only found in third-party app stores. Also, Gingerbread has included a fix that would require consent before any changes to the phone’s state can be made. Android 2.2 may still be vulnerable though.