Android "InfoStealer" Poses as Japanese Phonebook App

Bitdefender Labs recently analyzed an Android app that collects geolocation data, device IDs, email addresses and more. Although no longer available in the official store, the app lures users with the promise of access to a comprehensive Japanese database with advanced queries based on name, location and even phone numbers.

While the application looks legit and promises access to a database of 38 million contacts, it also uploads users` device IDs and other personal data to a remote database.

“National phone book Free” classifies as an InfoStealer Trojan by uploading user data into a MySQL database and grabbing information such as name, phone number, postal code, country, region, city, address, street, email address, latitude, longitude, and IMEI.

The apps` description does specify that GPS information and address book access is required, but it does not state that this data will be added to the database as well. o

Below is a screenshot where the app checks if the phone is already in the database:

When accessed via browser, the domain hosting the database redirects to a blog on unrelated Android topics.

Here`s what details are collected from your device:

In what at first glance looks like a Japanese version of The Yellow Pages, sensitive and confidential user data is grabbed and stored. Although collecting Android device IDs isn`t considered malicious, it`s only accepted as long as an app legitimately requires it to function.

To stay safe from malware, we strongly recommend the usage of an Android mobile security solution and a close eye on what permissions apps require on installation.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Csaba-Zsolt JUHOS, Malware Researcher.