According to Dinesh Venkatesan, a security researcher with CA Technologies, this new malware can impersonate multiple popular messengers and chat clients.
This chameleon malware, he says, has multiple icons buried within its program code, all designed to entice Android users into downloading what they think is an attractive multi-featured app, which could be really bad news all round for them.
This particular strain of malware, he notes, triggers the sending of text messages – presumably silently in the background to premium rate numbers – and then asks the user to download the original software from the legitimate site.
“The final message - the prompt with the link to the legitimate site - is constructed as a template message. This template gets filled with the appropriate URL from where the current impersonated software can be downloaded”, he says in his latest security posting.
Whilst the software is being `downloaded' Venkatesan says it is actually sending text messages in the background, specifically when the progress bar reaches 30, 56, 77 and 86.
By setting code hooks in the malware, Venkatesan says he was able to gain control of the malware when the code generates a text message and, by altering the destination number, he and his team were able to learn a lot more about how this malware functions.
“Cases like these clearly reiterate the fact that malware authors take social engineering tricks very seriously and almost all the Android malware cases registered so far involves social engineering tricks”, he said.
“As usual we recommend the users to be aware about these social engineering tricks and pay attention while authorizing applications and always download software from the legitimate market sites and keep your security software up to date”, he added.