Skip to main content

Android security in question again as new trojan surfaces in Google Play

A new virus on Google Play called FakeLookout.A steals sensitive personal information from Android devices and transmits it to a remote FTP server operated by an unknown malicious actor, mobile security firm TrustGo Mobile has said.

FakeLookout.A is a trojan hidden in an app named "Updates" by Good Byte Labs and was "designed to look like an update to the Lookout mobile security application," the security vendor said. TrustGo Security Labs discovered the virus in a package named com.updateszxt found in Google's online app marketplace.

"The brazen use of a trusted app's logo shows just how aggressive malware makers are becoming. These fake apps not only put users' data and privacy at risk, they can damage the reputation of respected developers," TrustGo CEO Xuyang Li said, adding, "TrustGo continually monitors new apps uploaded to more than 185 marketplaces worldwide and is able to provide App Certification and Brand Protection services that alert developers when malicious clones and apps that falsely use their logos have been found."

The malware can steal an Android device user's MS/MMS messages, video files, and SD card files, meaning the potential for sensitive, identifying information to be lifted by the malware developer is real. Stolen data is transmitted to a domain in Thornton, Colo., TrustGo said, noting the same domain hosts a malicious website.

Calling FakeLookout.A a "new approach being attempted by malware makers," TrustGo said the site in question "contains a Trojan file that targets multiple platforms including Windows, Mac, and Unix/Linux operating systems."

The company said its free antivirus solution had been updated to protect users from FakeLookout.A and the TrustGo SAFE App Reputation cloud continues to be updated as similar threats are discovered.