Kaspersky Lab has detected a new mobile Trojan that targets Android devices while camouflaged as an innocent game of Tic-Tac-Toe. The Gomal Trojan collects information about the devices it infects and sends all that data to its master server. But this malicious program also has new functions that are rarely seen in this type of malware.
Gomal camouflage
Gomal has all the usual spyware functionality. It can record sounds, process calls and steal SMS. In addition, it possesses mechanisms that provide access to various Linux services, attacking the operating system on which Android is based. In particular, the Trojan can read the process memory, jeopardising many communication applications. For example, it can steal emails from Good for Enterprise – an application positioned as a secure email client for corporate use. As a result, any data theft could cause serious problems for the company where the device owner works.
FREE Webinar on Oct. 21 at 3:30pm EDT: The Top 3 Threats to Retail IT Security and How You Can Defend your Data
“This seemingly harmless game of TicTacToe gives cybercriminals access to an enormous amount of the user’s personal data and corporate data belonging to his employer. The techniques used by Gomal were originally implemented in Windows Trojans, but now we can see they have moved on to Android malware. What’s more alarming is that this technique can be adapted to steal data from other applications as well as Good for Enterprise. It is therefore likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future,” says Anton Kivva, antivirus analyst at Kaspersky Lab.
To reduce the risk of infection by mobile malware we recommend that users:
· Do not activate the “Install applications from third-party sources” option.
· Only install applications from official channels (Google Play, Amazon Store, etc.).
· When installing new apps, carefully study which rights they request.
· If the requested rights do not correspond with the app’s intended functions, do not install the app.
· Use protection software.
More details about the Gomal Trojan are available at Securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.