Kaspersky Lab warns against new mobile malware disguising as Tic Tac Toe game
Kaspersky Lab, a leading developer of secure content and threat management solutions, has detected a new mobile Trojan that targets Android devices while camouflaged as an innocent game of Tic-Tac-Toe.
The Gomal Trojan collects info about the devices it infects and sends all that data to its master server. But this malicious program also has new functions that are rarely seen in this type of malware.
Gomal has all the usual spyware functionality. It can record sounds, process calls and steal SMS. In addition, it possesses mechanisms that provide access to various Linux services, attacking the operating system on which Android is based.
In particular, the Trojan can read the process memory, jeopardizing many communication applications. For example, it can steal emails from Good for Enterprise app.
That application is positioned as a secure email client for corporate use, so data theft here could mean serious problems for the company where the device owner works.
“This seemingly harmless game of Tic Tac Toe gives cybercriminals access to an enormous amount of the user’s personal data and corporate data belonging to his employer. The techniques used by Gomal were originally implemented in Windows Trojans, but now we can see they have moved on to Android malware,” said Anton Kivva, antivirus analyst at Kaspersky Lab.
“What’s more alarming is that this technique can be adapted to steal data from other applications as well as Good for Enterprise – it is likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future”, Kivva added.
To reduce the risk of infection by mobile malware we recommend that users:
- Do not activate the "Install applications from third-party sources" option
- Only install applications from official channels (Google Play, Amazon Store, etc.)
- When installing new apps, carefully study which rights they request
- If the requested rights do not correspond with the app's intended functions, do not install the app
- Use protection software