Android Malware Set for July 4 Carries Political Message

McAfee Mobile Security has identified a new Android Trojan embedded in a pirated copy of an exclusive app from rapper Jay Z. We suspect the malware author is attempting to go after the demand for the app Magna Carta Holy Grail on pirated sites. The legitimate app has been released exclusively for Samsung devices on Google Play.

On the surface, the malware app functions identically to the legit app. But in the background, the malware sends info about the infected device to an external server every time the phone restarts. The malware then attempts to download and install additional packages. The only visible indication that a user is infected comes via a time-based trigger that is set to activate on July 4, Independence Day in the United States. On that day, the malware will replace the wallpaper on the infected device with an altered image (below, second from right) of President Obama that comments on recent events in the United States. Based on the political message and the fact that it was embedded in an app that coincides with the release of Jay Z’s latest album, we suspect the Trojan was recently introduced into the wild.

image1

The image and the service name NSAListener suggest a hacktivist agenda, but we haven’t ruled out the possibility that additional malware may target financial transactions or other data.

Mobile malware seems to have no bounds when it comes to tactics or growth rates. To paraphrase lyrics from Jay Z, it seems Android malware has 99 problems and Android/AntiObscan just became another. We recommend that you always be cautious when downloading apps from unknown sources and keep your security product updated.