It wasn’t that long ago when we got wind of the Geinimi Trojan Lookout Security spotted on Android, and it looks like they have found yet another. This one is called HongTouTou, and it finds itself repackaged in third-party app stores and forums in China.
According to the Lookout blog, the HongTouTou,
requests additional user permissions and appears to be executing a set of search-related activities in the background (unknown to the user) including emulating keyword searches and clicks on specific search results.
If you only download applications from the Android Market you’ll be just fine, but if you’ve downloaded application from forums, be aware. The Trojan looks like it’s only circulating in China right now, but all it would take is downloading an infected app, and you’ll get permission-bypasses galore. The Trojan can monitor your SMS conversations, as well as join in by sending specific keyword related content, which is likely spam.
The Trojan can get access to the following:
Sounds like bad news to us, and so far Lookout has discovered 14 applications that the HongTouTou has infected, one of which is RoboDefense, the most popular paid game on the Android Market. We’re wondering if the relation to these virus’ coming from China have anything to do with the fact that many handsets there don’t ship with the Android Market, leaving the user to download applications elsewhere.
It will be interesting to see Google’s approach to this ever-growing issue. While it may not be affecting many people, its existence alone is enough to be concerned with. We don’t think Google is ignoring the situation, but they are taking their sweet time.
The HongTouTou has plenty of other sneaky things it can do to exploit your handset, and you can head over to the blog for more information.
You can download Lookout Mobile Security here (from the Android Market, of course)