May 10, 2013 By Nathan Collier

Android.TechnoReaper Downloader Found on Google Play

We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below:

Screenshot1

Once you install the app, it looks like a nice app used to install new fonts on your phone:

Screenshot2

Screenshot3

Everything looks legitimate, but if you look in the code you’ll see you could get more than you bargained for:

Screenshot4

The file ikno.apk is spyware that monitors SMS, call logs, and location. The information about your device and various activities is logged through a web portal. This is all described on their webpage:

Screenshot6

The download link in the upper right corner says “Download iKno from the Android Market”, but it is not actually linked to the Android Market. When clicked, the ikno.apk file simply downloads directly from their site. This app is just another reason to have Webroot SecureAnywhere on your phone, catching malware before it can spy on you.

Share Button
0 comments

Trackbacks

  1. […] The threat, detected as “Android.TechnoReaper” by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out: […]

  2. […] The threat, detected as “Android.TechnoReaper” by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out: […]

  3. […] The threat, detected as “Android.TechnoReaper” by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out: […]

  4. […] The threat, detected as “Android.TechnoReaper” by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out: […]

  5. […] apps are plentiful on app stores online. Security firm Webroot has detailed one such find on the Google Play store – they are calling it Android.TechnoReaper. Elaborating on […]

  6. […] sendet. Die Dateien sind anscheinend schon von Google entfernt worden, ich habe die im Beitrag von webroot erwähnten Apps nicht mehr finden können. Der Erfolg und die Offenheit von Android lockt […]

  7. […] standing between devices and malicious threats is a good antivirus. Via: The Next Web Source: WebRootiKno Android Spy (Amazon […]

  8. […] investigadores de seguridad de Webroot han encontrado algunas fuentes la instalación de aplicaciones alojadas en Google Play que instalar […]

  9. […] The threat, detected as “Android.TechnoReaper” by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out: […]

  10. […] The well known security company Webroot discovered the latest kind of Android malware posing as a legit app in Google’s Play Store. This is a new breed of malware, because this time is hiding in plain sight. The malicious app is called Android TechnoReaper, this is its “street name” and it disguises itself under legitimate Android apps. Google Play Store is widely regarded as a safe haven from where to download and install the latest apps for your Android powered smartphone, now Webroot reveals that nothing it’s safe anymore. The Android TechnoReaper can be spotted on a closer look, as when it is installed on your smartphone it requests a bunch of weird permissions, but since you downloaded the app from a supposedly safe source, you tend to overlook anything suspicious. This malware infects a number of Android apps which are used for downloading fonts  that are not currently found on regular smartphones or tablets. But after downloading and installing the font-app, you will find that you gained more than you bargained for. The Android TechnoReaper works remarkably simple and efficient: when you are acquiring your font app from the Google Play Store (there were 2 Android font apps discovered until now which contain the malware), you agree to download and install some stuff on your smartphone, i.e. the font thingy. But the malware redirects you to a privately hosted download link which contains spyware. And voila, you just installed by free choice and consent, along with the desired app, a very dangerous spyware tool. Once installed, it looks like a regular, pretty nice app for adding new fonts to your smartphone.When taking a closer look into the app’s code, you will notice that the ikno.apk file is actually a spyware used to monitoring your SMS, call logs and location. [contentblock id=1 img=adsense.png]   In order to protect your Android smartphone from online threats, you should have installed an antivirus program, like Webroot SecureAnywhere. Source: Webroot […]

true