Android Trojan poses as game of noughts and crosses

Goaml malware steals text messages and emails

A new Trojan that targets Android devices while pretending to be a game of noughts and crosses has been uncovered by security researchers.

According to Anton Kivva, antivirus analyst at Kaspersky Lab, the Gomal Trojan sports all of the usual spyware functionality, including the ability to record sounds, process calls and steal SMS messages. 

Advertisement - Article continues below

The Tic-Tac-Toe malware also uses tools that provide access to various Linux services by attacking the Android operating system and can also read the device's process memory, which, according to Kivva, can jeopardise many communication applications.

Gomal also steals data from logcat the logging service built into Android that is used for application debugging. "Developers very often have their applications outputting critically important data to Logcat even after the apps have been released. This enables the Trojan to steal even more confidential data from other programs," said the security researcher.

The malware is capable of stealing emails from Good for Enterprise, a secure email client for corporate use, the researcher added. Data theft in this situation could lead to serious issues for the company where the device owner works.

"In order to attack Good for Enterprise, the Trojan uses the console to get the ID of the relevant process (ps command) and reads virtual file /proc//maps. The file contains information about memory blocks allocated to the application," said Kivva in a blog post.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The techniques used by Gomal were originally implemented in Windows Trojans, but have now progressed to Android malware.

"What's more alarming is that this technique can adapt to steal data from other applications as well as Good for Enterprise it is likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future," he said.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/30081/what-is-a-trojan-virus
Security

What is a Trojan?

24 Apr 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020