November 9, 2009
SMobile Systems is proud to announce that it is the first mobile security company to detect and prevent its customers from the World’s first Spyware threat for Android devices. On Oct 26, 2009, the MobileSpy officially released the spyware version for BlackBerry. Now, they have released the world’s first mobile spyware application for Android. It appears that the Mobile Spy team has been working hard in the last couple of weeks to get their spyware application ported to Android devices. According to Mobile Spy, “this Spyware Application is not meant for a use on a phone you do not own and have proper permissions to monitor”, and its spyware now supports all Android models, including the new Motorola Droid and T-Mobile My Touch 3G.
How does your Android get infected?
The attacker requires physical access to the Android device to install this spyware. Additionally, the Mobile Spy “User Guide” indicates that it is necessary to download and install two additional free applications from the Android Market to assist with the download and installation processes.
How does it work?
Once Mobile Spy is installed and configured on the device it silently records all calls, SMS activities, GPS locations, and visited web site URL’s. The collected data is then uploaded to the Mobile Spy servers where the attacker can then monitor the logged activity via web account with Mobile Spy. Attackers can then log into their online Mobile Spy account and view your device’s activity and personal communications.
What can you do to protect your personal communications?
At this point in the game, mobile malware (spyware for instance) is nothing new or startling. It is not really even startling to see Mobile Spy now running on Android. What is important to understand is that it is becoming increasingly clear that users must take it upon themselves to protect their devices in the same manner that they would protect their laptops or desktops from attackers. With the exception of SMobile, there are very few mobile security solutions available that offer the much-needed protection from snooping and/or malicious attackers.
SMobile currently offers immediate detection and removal of Mobile Spy for Android devices with, along with many other security features for your Android device, with SMobile’s Anti-Theft and Identity Protection for Google Android. Removal of Mobile Spy involves a two-step process. First, the user will need to open SMobile Security Shield and run a virus scan to remove the infected installer file. Fig. 1 represents the result of the scan that was performed on an infected device.
Figure 1: Screenshot of SMobile Security Shield scanning result.
Finally, the user will need to manually delete the Retinax.Android application from the application settings menu to delete the actual application by navigating to Settings > Applications > Manage Applications and select the “Retinax.Android” application. The following screen capture illustrates the Retinax.Android application information screen on the handset. Simply click the “uninstall” button and the spyware application will be removed from the device.
Figure 2: Screenshot of spyware application installed on the device.
-Mayank Aggarwal, Global Threat Center Research Engineer