Android Trojan Found in Google Play

Japanese users of Google's online clearing house of downloadable entertainment for Android devices are being targeted with a Trojan horse that displays requested videos but nicks personal information in the process.

Antivirus company McAfee posted a blog item this afternoon about the Trojan, which was found lurking in the Google Play marketplace.

The Trojan hid itself in applications that promised trailers of upcoming Japanese-language video games, or those that offered scenes from anime or adult Japanese videos, McAfee reported on its blog.

McAfee Mobile Security detects these threats as Android/DougaLeaker.A, the company said.

McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. However, McAfee employee Carlos Castillo reported that users should beware applications like these that promise to display video content, then ask for permissions they shouldn't otherwise need - in this case, "read contact data" and "read phone state and identity".

In this case, the app gathers the Android ID - not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device's first boot and remains with it for the life of the device. The app also harvests the phone's phone number and contact list, along with every name, phone number, and email of every person in the contact list.

As the data is being harvested, the app displays a "loading" message. If the app is successful at harvesting the data, the video will play; otherwise, an error message is generated, McAfee said. 

You can read McAfee's full post on the matter here.