updated 05:15 pm EST, Fri February 24, 2012
Google's precautionary Bouncer software not enough
Earlier this month, Google revealed that for the past year it has been using a protective screening process called Bouncer to keep malware from penetrating Android Market apps. Now comes word that spammers and hackers have found a way to circumvent the malware-blocking system. The workaround involves using Facebook's mobile app to send the malware, which is hidden in an app named “any_name.apk” or “allnew.apk,” to Android-based phones.
The problem can begin when a phone owner receives a Facebook friend request. If the user goes to the sender's profile to check them out, the user can be diverted to a webpage that automatically starts a download of a suspect software app onto the phone. Normally, the default settings on an Android phone do not allow an app to be downloaded automatically. However, many more-sophisticated users turn off this protection so that they may have access to apps distributed outside of Android Market.
The malware is designed to scam users through premium rate phone services. Unbeknownst to users, their phone can be 'hijacked' and forced to send text messages in the background to costly numbers operated by the scammers. The bill is then automatically applied to the user's account by their telco, which is provided information that the user has 'legitimately' signed up to the premium service. [via TechCrunch]