A Trojan that steals contact details from Android-running devices was spotted with a bogus battery optimization app.
Luring users with the promise of increased battery performance upon installation, the Trojan covertly scans address books and broadcasts phone numbers and email addresses to an attacker-controlled domain.
After sending all contact details, it displays an image with a GONE visibility state, followed by a message saying: “申し訳ございません。お使いの端末は未対応のためご利用いただけません”.
Translated from Japanese, it means “I am sorry. Your terminal is not available or unsupported”.
Users then believe the app really isn’t compatible with their handset and usually uninstall it, believing nothing happened.
Although the message is in Japanese, the Trojan is perfectly capable of infecting any Android-running device and scanning address books regardless of region or carrier. Why attackers need the phone numbers and email addresses on your device is unknown, but we can speculate that it has something to do with spam campaigns.
The application does nothing to improve battery performance and users are left believing their device was simply incompatible with the app. Even the app’s icon is pretty convincing, displaying a green battery logo.
What’s striking is the simple nature of the Trojan and the high impact it can have. Besides a carefully chosen name that addresses smartphone users plagued by low battery performance, the app’s purpose is straightforward upon closer examination.