Security agencies alert smartphone users of fraud Android app

Written by PTI | New Delhi | Updated: Feb 13 2013, 02:33am hrs
Computer and internet security agencies in the country have detected a notorious 'Android' application which illegally enters smartphones and compromises their security by sending SMSes to unknown contacts.

The malware application has been identified as "Superclean or DroidCleaner" by India's premier computer security agency--Computer Emergency Response Team of India (CERT-In).

"It has been observed that an Android malware capable of infecting the connected (from smartphone) personal computers is available in the Android markets. The malware turned out to be a good reputation app (application) disguised in the name of "Superclean/DroidCleaner" and is capable of infecting the USB connected personal computer," the agency said in its advisory to Android technology based smartphone users in the country.

Once successfully installed, the agency said, "the malware calls home to remote domains and downloads executable files(svchosts.exe, folder.ico, Autorun.inf) on the root of the secure digital (SD) card which are capable of spying onto user personal computer.

"The app in general seeks the permissions to access and change the Wi-fi state, SMS manipulations, reading the contact details, uploading the SD card contents and contacting remote servers as seen from the AndroidManifest file," the advisory cautioned.

The security sleuths have asked smartphone users to take note if their phone starts sending out SMSes to unknown people or starts calling unidentified numbers not present in the directory of the phone owner.

"The app is enabled by the main launcher and subsequently restarts the running apps in the smartphone," it said.

The CERT-In has issued a host of directives in this regard and in order to be safe from this corrupted internet-based application.

"People download a host of applications from a smartphone. They should adhere to certain regulations specified," a senior official working in the domain of securing government websites said.

"Be alert for unusual behaviour on the part of mobile phones and make sure you have and up-to-date security software installed on your phone and check for unusual behaviour such as unknown application being installed without user consent, SMS being sent to unknown recipients and automatic phone calls being dialled," the advisory said.

Smartphone users should scan the device with an updated malware solution and exercise caution while clicking or visiting websites and links, the advisory added.