Android.Exprespam Potentially Infects Thousands of Devices

by Carol~ Moderator - 1/21/13 2:18 PM

In Reply to: NEWS - January 21, 2013 by Carol~ Moderator

From the Symantec Security Response blog:

Android.Exprespam was discovered at the beginning of January and has only been around for about two weeks, but the scammers seem to be having a lot of success with the malware already. Symantec has acquired some data that has allowed us to get an idea of how successful Exprespam may be in scamming Android users into providing personal data. The data obtained, which is only a portion of the complete data, indicates that the fake market called Android Express's Play has drawn well over 3,000 visits in a period of a week from January 13 to January 20.

Based on several sources*, I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information. [Screenshot: Potential amount of stolen information]

The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially. As proof of this, we have found yet another domain registered by the creators of Exprespam and they also created another version of their fake market on the new domain. This time, they have decided to not give the market a name or provide the name of the party maintaining the market. At the time of writing, the new market does not appear to be in active use yet and may currently be under construction or on standby but that has not stopped the scammers as a new malware variant is already being hosted on the site. [Screenshot: Various fake app markets used by the Exprespam scammers]

Continued: http://www.symantec.com/connect/blogs/androidexprespam-potentially-infects-thousands-devices