updated 07:30 pm EDT, Fri August 12, 2011
Nickispy malware for Android mimics Google service
A new strain of hostile Android code is exploiting the rise of Google+ to attack phones, Trend Micro discovered Friday. Nickispy.C uses many of the same services as the A and B variants but calls itself Google++ and uses the social network's icon for virtually all of its services to trick less experienced users. When active, it can scrape text messages, GPS positioning, call logs, and even the calls themselves, uploading them to a specific address.
The new variant is cleverer than earlier versions in its ability to answer calls on its own. If it gets a call from a "controller" marked in its configuration file while asleep, it automatically puts the phone on silent to avoid tipping off the owner and masks the data to look as though it's just on the current home screen. Its creator's trick lets an attacker snoop on a call in real time instead of having to record it and send it later.
It's not clear if Nickispy.C has been found in Android Market apps or if it has been limited to third-party app stores.
Any device using Android 2.2 and earlier is a potential target. While patched out of Android 2.3 by a fix blocking the ability to change the phone state without consent, the splintered platform leaves 74.4 percent of Android users exposed.