A new form of malware has made its way onto the scene, causing havoc with hundreds of Android users’ devices. It comes cleverly disguised as a Word document that once opened, allows the malware to scan the smartphone’s data and send it to the hacker via email.
The discovery was made by security firm Zscaler, who have warned Android users of the dangers of clicking on the app that uses the famous Word icon to lure people in. As soon as the victim tries to open the app, an error message is displayed, implying that the app is not compatible with the phone. After which the icon disappears and continues to run invisibly with admin access.
Meanwhile, the malware scans the device, going through everything from SMS messages to the SIM card number and all the user’s contact information. It can even spy on its victims in real time, thanks to a broadcast receiver that is registered to a trigger whenever a new SMS is delivered. The malware has claimed more than 300 victims since its initiation in October 2015.
It is thought that the majority of Android malware comes via unofficial App stores, which are not run by Google. These stores have a tendency to focus on the distribution of cracked or pirated packages and should therefore be avoided if users want to keep themselves and their devices safe.
The worry is of course there for corporate environments whose employees are not careful when installing and opening software on company devices. While any victim of malware will suffer inconvenient and harmful blows, the real consequence comes when things move to a larger scale.
It is therefore especially important for organisations to train all staff in cyber security literacy and implement strict company policy. Running all computers and devices with up-to-date antivirus software can help, but the real focus should be on the front line.
To uninstall the Data malware, infected users must boot their device into safe mode and deactivate the app from the settings menu. They then need to go into security, device administrator and uninstall it by tapping on settings, then apps, then uninstall.
