Attack of Fake Lookout Android App


Today I stumbled across an alert about new malware discovered by TrustGo.  What caught my attention was that this malware pretends to be Lookout Mobile Security's Android app.

TrustGo’s post details how the malware works:

The malware, Trojan!FakeLookout.A, is embedded in another bogus app that supposedly “helps” you update a bunch of other apps.


Once the bogus app is installed, however, it cannot be found in the Application List.  The only place you will find this bogus app is in the Downloaded app list.  What’s more interesting is that it has Lookout’s logo.


The malware receives and executes a list of commands from a remote server (located in Colorado, US). The commands include:

  • Stealing the user’s SMS and MMS messages (including images and videos) and uploading them to the remote server via secure FTP (!)
  • Grabbing and uploading the complete file list from the user’s SD card to the remote server.
  • Using the file list to decide what specific files to upload to the remote server.

Scary stuff, indeed.  And that’s not all.  TrustGo’s researcher also found a malicious website hosted on this remote server.  The malicious website drops cross-platform malware onto the visitor’s machine: different Trojan files are dropped depending on the visitor’s OS, be it Windows, Mac or Linux/Unix.


So not only are the criminals stealing personal and sensitive information from infected Android phones, they are also attacking desktop/laptop machines with Trojans on the side.

And who said Linux/Unix are immune to malware attacks?

Response from Lookout

Lookout released a post to clarify that the malware “is no way related to Lookout,” even though it was “designed to look like an update to the Lookout (TM) mobile security application.”  So no, the Lookout Android app is not broken or hacked, and in fact the malware itself has nothing to do with Lookout.  The only thing that is Lookout-related is the Lookout logo the criminals stole, and they did it to try to trick you and to gain your trust.

Know The Apps You Download

The bogus app that is embedded with Trojan!FakeLookout.A has been taken off the Google Play store, after TrustGo researchers notified Google about the malware.  That does not mean there aren’t other similar apps.  The bottom line is, criminals are exploiting people’s carelessness and trust to cause harm, so be cautious about what you download and where you download it from.  Even in a trusted environment such as the Google Play store, be selective about whose apps you’re downloading.

Download apps only from developers who have a good reputation and whom you trust.  Pay attention to the small details about the app before you download and install.  Do your research on the app AND the developer before downloading.
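As an added example (not code from TrustGo, Lookout, or the original post), the three traits described above can be checked in the output of `aapt dump badging` before an APK is installed: no launcher entry, a label borrowing the Lookout name under a non-Lookout package, and access to messages and storage combined with network access. The permission mapping, reading the missing Application List entry as "no launcher activity", and the sample inputs are assumptions.

```python
import re

# Assumed mapping from the behaviours TrustGo lists (message theft, SD card
# listing, upload) to Android permissions; the page itself names none.
MESSAGE_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_MMS"}
STORAGE_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
                 "android.permission.WRITE_EXTERNAL_STORAGE"}
NETWORK_PERM = "android.permission.INTERNET"
BRANDS = {"lookout": "com.lookout"}  # brand word -> genuine package prefix

def parse_badging(text):
    """Parse `aapt dump badging` text (accepts both uses-permission spellings)."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    return {
        "package": pkg.group(1) if pkg else "",
        "label": label.group(1) if label else "",
        "permissions": set(re.findall(r"^uses-permission:(?: name=)?'([^']+)'", text, re.M)),
        "has_launcher": re.search(r"^launchable-activity:", text, re.M) is not None,
    }

def triage(text):
    """Return findings for one APK; an empty list means none of the traits matched."""
    info, findings = parse_badging(text), []
    if not info["has_launcher"]:
        findings.append("no-launcher-entry")
    for brand, prefix in BRANDS.items():
        genuine = (info["package"] + ".").startswith(prefix + ".")
        if brand in info["label"].lower() and not genuine:
            findings.append("label-imitates-" + brand)
    perms = info["permissions"]
    if perms & MESSAGE_PERMS and perms & STORAGE_PERMS and NETWORK_PERM in perms:
        findings.append("messages+storage+network")
    return findings

# Constructed sample inputs, not output from real APKs.
SUSPECT = """package: name='com.example.updates' versionCode='1' versionName='1.0'
application-label:'Lookout Update'
uses-permission: name='android.permission.READ_SMS'
uses-permission:'android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.INTERNET'
"""
GENUINE = """package: name='com.lookout' versionCode='1' versionName='1.0'
application-label:'Lookout'
uses-permission: name='android.permission.INTERNET'
launchable-activity: name='com.lookout.Main'  label='Lookout' icon=''
"""

if __name__ == "__main__":
    print(triage(SUSPECT), triage(GENUINE))
```

A match is a reason to look closer, not a verdict: legitimate background services can also lack a launcher entry.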

See Also

New Android Trojan Found in Google Play

Multi-platform attack site discovered via fake Lookout Android app