Android malware potentially stole up to 450, 000 pieces of personal data: Symantec

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.networkworld.com/news/2013/012413-android-malware-potentially-stole-up-266088.html?source=nww_rss

Computerworld Australia - A fake app store that steals personal
information on Android devices may have potentially stolen between
75,000 and 450,000 pieces of personal data such as contact details,
according to security firm Symantec.

[ALSO: Android malware cases to hit 1 million in 2013]

Not long after Symantec discovered Android.Exprespam, the security
firm acquired data that indicated more than 3000 visits were made to
the fake app store called Android Express's Play from 13-20 January.

Download our Smartphone Super Guide for iPad

"The scam has only been around for about two weeks so I am sure that
this is just the beginning for the scammers and the amount of personal
data collected will increase exponentially," Joji Hamada, a Symantec
employee, wrote in a blog post.

Symantec has found another version of the fake app store, with the
domain registed by the Exprespam scammers. The store has not been
given a name and appears to still be under construction. However, the
security firm warns that a new malware variant is being hosted in the
site.

"The scammers are constantly modifying their tactics so that the scam
provides a good 'return' for them. These updates will not end until
the scammers either are caught by the authorities and punished or
cease scamming people, which is unlikely to happen anytime soon,"
Hamada wrote.

For all smartphone users, the research firm suggests to only download
apps from well-known app vendors, avoid clicking on links in emails
from unknown sources and install a security app.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.