Android game secretly transmits GPS coordinates
Source: Symantec In a post on their Connect blog, security specialist Symantec reports on a new trojan for Android that masquerades as a free Tap Snake game, while secretly transmitting GPS coordinates to a server in the background. These coordinates can then be retrieved and displayed in Google Maps via the GPS Spy Android app sold for €5 by the same vendor, Maxicom. According to Symantec, the Tap Snake process can't easily be killed and continues to run in the background.
However, Tap Snake and GPS Spy must be linked by entering specific data. This makes it impossible to launch tracking attacks without the potential attacker – such as a jealous partner – briefly having physical access to the (unlocked) target Android device.
Anyone innocently installing the game might have their suspicions aroused because it requests access to the GPS receiver – although this privilege is also requested by many other apps for no obvious reasons. Applications requesting privileges not actually required have caused unjustified suspicions on various occasions in the past.
Such suspicions were proved justified in the case of a certain media player. Last week, AV vendor Kaspersky sighted the first SMS trojan for Android. The malware disguises itself as a media player and, once installed, secretly sends out SMS messages to premium rate numbers.