Kaspersky’s Mobile security researcher Denis Maslennikov has found a malicious application that affects Android smartphones. The app is actually an Internet Relay Chat bot that runs automated tasks over the internet. This is in fact the first such app found on Android and it comes in the guise of the popular Madden NFL 12 game.
When an Android smartphone user downloads and installs the popular game or application from lesser-known third party app stores, the IRC bot quietly gets installed in the device.
Maslennikov explains that after the app is installed, the malware, disguised as Madden NFL 12, aims to take complete control of the device. Once the malware gets root (administrator level) access, the IRC bot gets installed along with an SMS Trojan. The root access allows the attacker to control the smartphone remotely and send an SMS to a premium rate number and thereby increase cost for the user.
All this is in the background and the user has no clue of what is happening to the credit balance. The premium rate numbers are usually international numbers, hence SMSes to these numbers cost a lot.
The IRC bot connects to any random remote IRC server with a random nickname. Once connected, the IRC bot becomes capable of receiving shell commands to perform specific functions on the device. In this entire attack, the malicious app needs to gain root access to perform nefarious tasks. If your device is not rooted, or if it is rooted through proper methods, there is nothing to worry about.
As always, users are recommended to download apps only from reputed and verified app stores such as Android Market, Amazon App Store and Getjar. Applications from an unknown location can prove to be dangerous.
Needless to say, this premise depends on one thing — if the phone is rooted and that with an outdated code. Unless you are an advanced user we recommend not rooting the smartphone.