android trojan

The folks over at Lookout have released information about another Android trojan application -- named HongTouTou.  As we saw with the Geinimi trojan, this one has only been spotted in re-packaged (yes, we mean cracked) apps on a few Chinese language websites.  Specifically mentioned was the popular game RoboDefense, which has been cracked and pirated all over the web.  The Market version, both free and paid, of RoboDefense is unaffected -- only apk files that have been tampered with are affected.

What this one does is send data containing your device ID to a remote host, which returns a string of search engine URL data.  Then it emulates background keyword searches, generating clicks on specific results.  It's clearly designed to use your phone to increase click-through counts and generate a bit of income for the people who wrote it.  The HongTouTou trojan also has the ability to download an .apk that monitors your SMS messages and inserts keywords into the conversation.  Researchers at Lookout say they have not seen the trojan attempt to install the apk, but they have been able to disassemble it.

Lookout also says that users of their Android security suite (free or premium) have received an OTA update that protects them from HongTouTou. 

Here's the breakdown -- just like on your computer, if you go looking to pirate apps you just might end up with more than you bargained for.  That's your call, but if and when this happens, you can only blame yourself.  As of today, there has not been a case of true malware found in an app downloaded from the Android Market, and we haven't heard of any from other reputable third party marketplaces.  If you want to be safe, download and install a security app, and stay away from pirated applications. [Lookout Blog]