New Android Malware Lures Victims with Free Stuff

If you're an Android user, make sure you avoid clicking on any message that says you've just won a free video game or a $1,000 Target gift card. Failing to heed this advice could lead to your device becoming infected with a nasty Trojan virus.

This new Trojan virus is spreading so rapidly, according to one report, that it has already been offered to Android users roughly 500,000 times.

Problem Starts with Malicious SMS Texts

Here's how the scam works:

Owners of mobile devices running Google's Android operating system (OS) receive a Short Message Service (SMS) text inviting them to download a free copy of popular Android video game applications, such as Angry Birds: Star Wars; Need for Speed: Most Wanted; or Grand Theft Auto: Vice City.

Other spam messages may include something like the following: "You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at [website name] can claim it!" (Source: informationweek.com)

When an unsuspecting user clicks on a link promising a free video game or some other prize, instead of the game or prize they'll get the malware installed on their device. (Source: informationweek.com)

Experts: Watch the Apps You Download

According to security expert Andrew Conway, the malicious software is set up to use infected devices "to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server." (Source: cloudmark.com)

Fortunately, the malware can't send the spam messages unless the device user allows the application access to the capabilities and information it needs.

The problem is, many people who install a new app don't bother to read the small print regarding all the permissions they grant, figuring the app is on the up and up, and that it needs those capabilities to operate.

Of course, malware can also strike at Android devices in other ways.

Experts say most Android malware is downloaded from third-party download sites, usually based in Hong Kong, rather than from the official Google Play store.

Security experts are therefore warning Android users to download only apps they find on Google Play, and that also come with a high reliability rating.