New Android malware lurking as Obama-Romney polling app

A new malware is now targeting voters in the United States, disguised as a polling service to see if they prefer reelectionist President Barack Obama II and Republican presidential nominee Williard Mitt Romney.

 

Security vendor Trend Micro said it uncovered at least four such mobile apps on Google Play and some third-party app stores.

 

"(W)hen installed, (they) gain access to specific device information that can be used without users’ consent and may lead to data leakage," it said.

 

It added one of these apps was already removed from Google Play but remain available on third-party ones.

 

Trend Micro said the apps, which can be downloaded for free, are exploiting the upcoming 2012 US presidential election.

 

It said the first app called “Obama vs Romney” is detected as ANDROIDOS_AIRPUSH, and tries to connect to airpush.com, a mobile ad network site.

 

"We found that this app has more than 300 downloads from third party stores and an estimated 500 to 1,000 downloads from Google Play so far," it said.

 

Trend Micro said the app was designed as a polling service in which users can choose between the two candidates.

 

It is supposed to display an overall result of the poll immediately.

 

"However, during our testing, it ends up showing the message 'you probably want to start clicking as soon as possible,'” it said.

 

Also, Trend Micro said this app displays potentially annoying ads served from airpush.com that are displayed outside of the app itself.

 

Trend Micro said the app also contains ACCESS_COARSE_LOCATION that can access information that includes the device’s GPS location.

 

A second app is the “Captain America Barack Obama 1.0” detected as a ANDROIDOS_ADWLEADBOLT variant, that installs a Barack Obama 3D wallpaper and US flag on the affected device.

 

This was already removed from Google Play but is still available on third party app stores.

 

"Similar to the 'Obama vs. Romney' app, it comes with the ACCESS_COARSE_LOCATION, ACCESS_COARSE_LOCATION and other permissions that gain access to device information like GPS location, CellID, and Wi-fi location," Trend Micro said.

 

Upon installation, the app also creates a shortcut in the homescreen page of the device.

 

So far, Trend Micro this app has been downloaded 720 times from third party app stores.

 

Meanwhile, the third and fourth apps are “Barack Obama Campaign LWP 1” and “Mitt Romney Live Wallpaper 1,” both detected as ANDROIDOS_ADWLEADBOLT variants.

 

"Both of these apps also contain ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION. Similar to the above mentioned apps, they display ads on the device. Users can prevent this ad display by clicking a specific URL and disclose certain information such as their International Mobile Equipment Identity (IMEI) and device type to the said site," Trend Micro said.

 

But it said users will likely not notice this and opt to receive the ads.

 

Trend Micro advised that users read app reviews and developer’s reputation.

 

It also said users must make it a habit check the access that the apps require, specially if it asks for too much.

 

"It is not uncommon for cybercriminals to create apps that request access for information, which they can later use for their malicious activities," it said. — TJD, GMA News