As the number of Android users continue to rise, it is not surprising that users of the Google-powered mobile operating system is being exposed to more threats, especially from unscrupulous parties that intend to spread malware for their own benefit.
Panda Security is warning against a new wave of possible serious malware that has already hit the Google Play app store. The online security vendor believes that the virus may have already possibly infected at least 300,000 unsuspecting Android device users.
The security vendor’s research team has indicated that the volume of users that may have already been infected by the malware may potentially rise to about 1.2 million. This is so as the malicious app is readily and widely available for instant downloading on Google’s online app store.
Panda Security warned that without the knowledge of Android users, the app is able to obtain the phone number that is used by the device. It would then virtually go to a special Website to register the account to a premium SMS service.
That service would require confirmation for activation. It could send an SMS to the same number using a PIN code that has to be entered back to complete the process and begin changing the user money. The app then waits for a specific message containing PIN data. Once that message arrives, it gets intercepted and the PIN is taken to be used elsewhere.
Panda Security thinks that the malware steals unsuspecting victims’ phone numbers through the messaging app WhatsApp. It did not indicate if the same malware is present in other messaging software. This has yet to be confirmed, though.
Advise to users
The company has one tip for users to determine if they have been victimized. Panda Security said that once the malware is installed, it would force the victim to readily accept its terms of service through making the typical ‘Close’ (or exit) button difficult, if not impossible, to locate.
Alarmingly, according to data from Google Play, the infected app has already been downloaded for about 50,000 to 100,000 times. This may mean that it has infected a considerably huge number of users. The security vendor has advised users to always read necessary permissions when installing every app. If the app requires to read SMS and establish online connection, although Internet connection is not really necessary, users should not install it.