Fake Store App Broadcasts Your GPS Coordinates
Bitdefender Labs stumbled on some interesting Android spyware that broadcasts your GPS location to a remote server on a regular basis. Hiding in the background and only displaying an icon that has “Store” written on it, the spyware boots up every time you reset your device or when you install/uninstall an app.
Here’s the app’s icon:
It’s obvious that it tries to trick users into thinking it has store-like features by using a misleading icon. Besides broadcasting your latitude and longitude, it sends the name of your carrier by means of any existing internet connection. An odd behavior is that it also tries to enable your Wi-Fi connection and scan for available access point details that are then sent to the same domain name.
Here’s a screenshot with the location tracking function:
Speculating on why all this information is broadcast, we could conclude that infected devices act as beacons, providing attackers with the relative positioning of certain Wi-Fi networks and the frequency with which infected devices connect to or interact with them.
The broadcasts are set for every couple of seconds, meaning that your location is thoroughly tracked and posted to the attacker-controlled domain. Even if it can’t enable the Wi-Fi connection, it still broadcasts GPS coordinates, just without the hotspot details.
Here’s a screenshot with the domain name and details of the broadcast information:
The lack of a user interface makes the malware both lightweight and really effective in hiding its presence from users. It’s likely we’ll see this spyware bundled with other apps, because this type of service is easy to keep running in the background so it can broadcast GPS coordinates.
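The combination described above (start at boot or on app install/uninstall, location access, Wi-Fi control, network access) can be checked for during app triage. The following is an added example, not code from the Bitdefender analysis: it assumes the manifest has already been decoded to text XML, the mapping of behaviours to Android permissions and intent actions is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the article's behaviours to standard Android manifest
# entries; the article does not publish the sample's actual manifest.
BEHAVIOURS = {
    "starts at boot": ("action", {"android.intent.action.BOOT_COMPLETED"}),
    "starts on app install/uninstall": ("action", {
        "android.intent.action.PACKAGE_ADDED",
        "android.intent.action.PACKAGE_REMOVED"}),
    "reads location": ("permission", {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION"}),
    "toggles Wi-Fi": ("permission", {"android.permission.CHANGE_WIFI_STATE"}),
    "reads Wi-Fi scan results": ("permission", {"android.permission.ACCESS_WIFI_STATE"}),
    "network access": ("permission", {"android.permission.INTERNET"}),
}

def triage_manifest(xml_text):
    """Return the set of listed behaviours a decoded manifest makes possible."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Only actions declared on broadcast receivers count as auto-start triggers.
    actions = {a.get(ANDROID_NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    seen = {"permission": perms, "action": actions}
    return {name for name, (kind, wanted) in BEHAVIOURS.items() if seen[kind] & wanted}

def is_beacon_profile(xml_text):
    """True when an auto-start trigger, location access and network access coincide."""
    hits = triage_manifest(xml_text)
    autostart = hits & {"starts at boot", "starts on app install/uninstall"}
    return bool(autostart) and {"reads location", "network access"} <= hits

# Constructed sample manifests (not from the analysed app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
_PERM = '<uses-permission android:name="android.permission.%s"/>'
_FILTER = '<intent-filter><action android:name="android.intent.action.%s"/></intent-filter>'
SAMPLE_SUSPICIOUS = (
    _HEAD + "".join(_PERM % p for p in (
        "INTERNET", "ACCESS_FINE_LOCATION", "CHANGE_WIFI_STATE", "ACCESS_WIFI_STATE"))
    + '<application><receiver android:name=".Starter">'
    + "".join(_FILTER % a for a in ("BOOT_COMPLETED", "PACKAGE_ADDED", "PACKAGE_REMOVED"))
    + "</receiver></application></manifest>")
SAMPLE_MAP_APP = (_HEAD + _PERM % "INTERNET" + _PERM % "ACCESS_FINE_LOCATION"
                  + "<application/></manifest>")

if __name__ == "__main__":
    for label, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("map app", SAMPLE_MAP_APP)):
        print(label, is_beacon_profile(doc), sorted(triage_manifest(doc)))
```

A match is only a reason to look closer: legitimate apps also request these permissions, which is why the check requires an auto-start trigger alongside location and network access.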
To keep intrusive or malicious Android apps away from your smartphone, don’t forget to use mobile security software.
This article is based on the technical information provided courtesy of Ioan Lucian STAN, Malware Researcher.