2 min read

Fake Store App Broadcasts Your GPS Coordinates

Liviu ARSENE

July 17, 2012

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Fake Store App Broadcasts Your GPS Coordinates

Bitdefender Labs stumbled on some interesting Android spyware that broadcasts your GPS location to a remote server on a regular basis. Hiding in the background and only displaying an icon that has “Store” written on it, the spyware boots up every time you reset your device or when you install/uninstall an app.

Here`s the app`s icon:

It`s obvious that it tries to trick users into thinking it has store-like features by using a misleading icon. Besides broadcasting your latitude and longitude, it sends the name of your carrier by means of any existing internet connection. An odd behavior is that it also tries to enable your Wi-Fi connection and scan for available access point details that are then sent to the same domain name.

Here`s a screenshot with the location tracking function:

Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them.

The broadcasts are set for every couple of seconds, meaning that your location is thoroughly tracked and posted on the attacker-controlled domain. Even if it can`t enable the Wi-Fi connection, it still broadcasts GPS coordinates regardless of hotspot details.

Here`s a screenshot with the domain name and broadcasted information details:

The lack of a user interface makes the malware both lightweight and really effective in hiding its presence from users. It`s likely we`ll see this spyware bundled with other apps, because this type of service is easy to keep running in the background so it can broadcast GPS coordinates.

To keep intrusive or malicious Android apps away from your smartphone, don`t forget to use mobile security software.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Ioan Lucian STAN , Malware Researcher.

tags


Author


Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.

View all posts

You might also like

Bookmarks


loader