android trojan

The folks over at Lookout have released information about another Android trojan application -- named HongTouTou. As we saw with the Geinimi trojan, this one has only been spotted in re-packaged (yes, we mean cracked) apps on a few Chinese-language websites. Specifically mentioned was the popular game RoboDefense, which has been cracked and pirated all over the web. The Market versions of RoboDefense, both free and paid, are unaffected -- only apk files that have been tampered with are affected.

What this one does is send data containing your device ID to a remote host, which returns a string of search engine URL data.  Then it emulates background keyword searches, generating clicks on specific results.  It's clearly designed to use your phone to increase click-through counts and generate a bit of income for the people who wrote it.  The HongTouTou trojan also has the ability to download an .apk that monitors your SMS messages and inserts keywords into the conversation.  Researchers at Lookout say they have not seen the trojan attempt to install the apk, but they have been able to disassemble it.

Lookout also says that users of their Android security suite (free or premium) have received an OTA update that protects them from HongTouTou. 

Here's the breakdown -- just like on your computer, if you go looking to pirate apps you just might end up with more than you bargained for. That's your call, but if and when this happens, you can only blame yourself. As of today, there has not been a case of true malware found in an app downloaded from the Android Market, and we haven't heard of any from other reputable third-party marketplaces. If you want to be safe, download and install a security app, and stay away from pirated applications. [Lookout Blog]
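Since only tampered apk files are affected, one practical check is to diff a suspect apk against a trusted copy of the same release. The sketch below is an added example, not code from Lookout or from this article; the archive contents are constructed stand-ins, and it assumes the reference copy is the identical version obtained from the Market.

```python
import hashlib
import io
import zipfile

def entry_digests(apk_bytes):
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_apks(reference, suspect):
    """Diff a suspect apk against a trusted copy of the same release."""
    ref, sus = entry_digests(reference), entry_digests(suspect)
    report = {
        "added": sorted(set(sus) - set(ref)),
        "removed": sorted(set(ref) - set(sus)),
        "changed": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    # For the same release the signature files are byte-identical; a
    # difference means someone signed the package again after building it.
    report["signature_files_differ"] = any(
        n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC", ".SF"))
        for n in touched)
    # Added or changed dex means the code is not what the developer shipped.
    report["code_modified"] = any(n.endswith(".dex") for n in touched)
    return report

def build_sample(entries):
    """Build a constructed in-memory archive standing in for an apk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: placeholder bytes, not real apk contents.
GENUINE = build_sample({
    "AndroidManifest.xml": b"manifest-original",
    "classes.dex": b"dex-original",
    "res/icon.png": b"icon",
    "META-INF/CERT.RSA": b"developer-signature",
})
REPACKAGED = build_sample({
    "AndroidManifest.xml": b"manifest-with-extra-components",
    "classes.dex": b"dex-with-extra-code",
    "res/icon.png": b"icon",
    "META-INF/CERT.RSA": b"other-signature",
})

if __name__ == "__main__":
    print(compare_apks(GENUINE, REPACKAGED))
```

A different legitimate version of the app will also differ in these files, so the comparison is only meaningful against the same release.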


Reader comments

HongTouTou trojan identified, found in Chinese language websites [security]


Lol at the pic. But really, this isn't a big deal, and if you are stealing the apps, you deserve it. Just because it's software doesn't mean it's not like anything else someone works hard on and tries to make a living distributing. It's the equivalent of stealing something from a store. Period.

How soon till these things creep into popular Roms, or knock offs of popular Roms?

And who would notice if it did? Who has time to pore over every line of code?

It would seem that even Lookout would have a hard time detecting something hidden in the OS itself.

Well if you're venturing into things you really shouldn't or downloading from untrusted sources then it's really on the user. The answer is simple really, don't mess with things you don't understand or don't trust. When in doubt, avoid. Ideal answer? No, not really but it is what it is. Same could be (and has been) applied to PC users for years.

Well my point here was not so much about the Apps from sketchy sources, but rather the Roms that folks here and in the forums recommend at the drop of a hat.

So we are getting bifurcated advice on the boards. There is the "Different rom every week crowd". And the "Only from the Market crowd".

Jerry has one foot in either camp. (And I mean that in the nicest way).

It's a whole different thing than getting pwned by a pirated game on your PC. It's a whole operating system you end up installing in these Roms. Does anyone bother to download the sources and diff them? Seems everyone trusts these guys. Will some bad actors arrive on the scenes with really sweet looking roms that have some really hard to detect stuff going on in the background?

Understood. And I agree with your statement about where my feet are lol.

To be honest, if someone hasn't baked something like this (click-through money making scheme) into a ROM yet, they will soon. And that's going to be very difficult for the average user to see.

I'm not sure how this can be addressed, but in the meantime treat custom ROMs like you would an app -- only use what you know you can trust. Let's hope the community can police itself.


At this point EVERYBODY should have the free version of Lookout on their phone. Even if you have no need for the virus scan or backup feature...the GPS & "Scream" features themselves are more than worth the download.

Are you serious? I put that app on my phone and marveled at how much battery it sucked down when in the phone track mode. Maybe the antivirus part is less, but I pulled it off when my battery was at 50% after just a few hours off of the charger.

C'mon, this doesn't even warrant discussion. It's self explanatory. Apps aren't expensive. Getting a Trojan might be. Support the developers if you like the app.

Seriously. When most apps are only $0.99 it's not a sacrifice to actually purchase the damn thing. People can be so ridiculously CHEAP. God forbid someone makes money, huh?

I'll pay $10 for an app that does nothing more than change my ringtone before I'll download an app from a website in a language I can't read.

Common sense, folks. If you venture into the ghetto, be prepared to get shot.