A new malicious Android application targeting device owners in France is taking advantage of the Carrier IQ controversy, according to researchers at Symantec.
Once installed, the malicious Android app searches for Carrier IQ software, displays information about the device and then declares the absence of the software. When the victim attempts to uninstall the application, the Trojan sends SMS messages to a premium-rate number. Symantec calls the Trojan Android.Qicsomos.
The rogue application is not on the Android Market and appears in the device menu with an icon similar to the logo of a major European telecom operator, said Symantec researcher Irfan Asrar. The malware is believed to be spreading via a spam or phishing campaign.
“We cannot find any trace of this on the Android Market, which leads us to believe there may be a social engineering vector being used to spread the malware, such as a spam or phishing campaign pretending to be from an official carrier asking the users to download and run the software,” Asrar wrote in the Symantec blog.
The safe way to get rid of the application is to uninstall it from the application management settings in the main menu, Asrar said.
The application also contains a certificate published through the Android Open Source Project. The certificate should only be able to fool older devices, Asrar said. Most commercial devices shouldn’t be affected.
The Carrier IQ controversy came to light in December, when a researcher discovered the software running in stealth mode on some smartphones. The software, which was installed by a number of major carriers without informing device owners, was designed to send pertinent information about the use of the device. The Carrier IQ software was found to capture only data specified by carriers according to their privacy standards and agreements with users.
Similar mobile applications designed to detect Carrier IQ are available for free. Romania-based antivirus vendor BitDefender has issued an Android application designed to detect the Carrier IQ software. San Francisco-based Lookout Labs created a Carrier IQ detector. Neither application can remove Carrier IQ software from the device because the software is integrated with the device firmware.