Japanese Android (News - Alert) users who are prompted to download an application called “The Movie” may find themselves starring in their own real-life horror film, according to Symantec’s (News - Alert) blog. It's actually part of a spate of recent Android malware.
Symantec said they've already identified 29 malicious apps, most of them masquerading as popular games or videos.
“The apps share common programming code so we can assume it is a sole individual or an organization who is committing the crime,” Joji Hamada, a Symantec employee, said in the blog post. The first app was confirmed on Google (News - Alert) Play on February 10, with more apps not appearing until late March.
When they started using names that ended in “The Movie,” users started installing them in droves. Symantec counted 70,000 devices infected, but said the number could actually be as high as 300,000. “Not only are users whose device has been infected victims, but the people in the Contacts are also victims seeing as their information is stolen,” Hamada said.
The apps ask for three permissions upon installation: full Internet access, the user's contact data and the phone's state and identity.
When apps appear to connect to an external server also known to distribute other Android malware to download the movie the user has requested, it's actually uploading private information to which the user has given the app access.
“The purpose of this attack is not clear,” Homada said, “however, a strong assumption is that the scammers are harvesting emails addresses and phone numbers to use for their next round of malicious activities, such as spamming scams by email or calling individuals to attempt to defraud them. So the information could be sold to criminal groups.”
The blog post includes screenshots of what the apps typically look like, as well as common names. Symantec recommends users that have suspicious apps on their devices delete them, or use Norton Mobile Security.