Trend Micro Labs has reported a new malware on Android Marketplace, which runs in the background as a Google+ App with an icon and is capable of automatically answering all incoming calls under certain conditions.
There is no confirmed origin of this malware, which is identified as ANDROIDOS_NICKISPY.C.
Google’s Android platform has been suffering malware woes for quite some time. Apparently, the open ecosystem model is showing its demerits.
Mark Balanza, an analyst of Trend Micro, has discovered an Android malware called ANDROIDOS_NICKISPY.C, which can infect an Android device and continue to run in the background as a normal Google+ App. The cautionary part here is that the malware installs and runs as a fake Google+ app and uses multiple services on the device.
This malware can record phone calls and also answer calls. Unlike its previous versions, ANDROIDOS_NICKISPY.C can answer calls but requires a specific number on the controller tag of its configuration file and that too works only when the phone’s screen is off. This means the hacker can make calls to the infected device and the malware will answer the call even when the user is not aware of it.
ANDROIDOS_NICKISPY.C only infects devices running Android 2.2 or lower since the access permission to certain critical services has been disabled in the Android 2.3 update.
Usually, this type of malware comes from third party websites, cracked apps and unaccredited sources that distribute Android apps.
Now, apart from finding a solution to fragmentation, Google’s Android team must also pay attention to the rise in Android malware.