Cyber-security sleuths have alerted Android-based smartphone users against an infectious Trojan which steals vital information from the personal device and can even illegally send SMSes to those on the mobile contact list.
The Trojan has been identified as 'AndroidSmssend' and it can acquire as many as four aliases to hoodwink the user and perpetrate its destructive activities on a personal Android enabled phone.
"Android/SmsSend is a premium service abuser family malware that arrives bundled with legitimate Android applications and infects Android-based smartphones.
"Once infected, it sends text messages (typically with a link to itself or a different threat) to a specific number, typically to numbers on the contact list and is also capable to send SMS to premium rate numbers," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to Android phone users in the country.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
It said that after a typical successful infection, basic information about the smartphone like IMEI number, device ID, device type among others are compromised and it can even install spyware on the targeted device.
The Trojan is so notorious, the agency said, that it "steals contacts and pictures, tracks the location, steals passwords, illegally accesses text messages, crashes a complete system, steals personal banking information when logged in, installs other sort of spyware and disables firewall and anti-virus program to defend itself."
The CERT-In said the malware is created by modifying the legitimate application and then re-distributing via marketplace or other separate channels.
The agency has suggested some counter-measures in this regard.
"Do not download and install applications from untrusted sources, install applications downloaded from reputed application market only, run a full system scan on device with mobile security solution or mobile anti-virus solution, check for the permissions required by an application before installing, exercise caution while visiting trusted/untrusted sites for clicking links, install Android updates and patches and use device encryption or encrypting external SD card feature available with most of the android OS (operating system)," it said.
Also, avoid using unsecured, unknown Wi-Fi networks and make a practice of taking regular backup of the Android device, the advisory said.