We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below:
Once you install the app, it looks like a nice app used to install new fonts on your phone:
Everything looks legitimate, but if you look in the code you’ll see you could get more than you bargained for:
The file ikno.apk is spyware that monitors SMS, call logs, and location. The information about your device and various activities is logged through a web portal. This is all described on their webpage:
The download link in the upper right corner says “Download iKno from the Android Market”, but it is not actually linked to the Android Market. When clicked, the ikno.apk file simply downloads directly from their site. This app is just another reason to have Webroot SecureAnywhere on your phone, catching malware before it can spy on you.