Risky game: even wins lead to losses, Kaspersky Lab warns

Kaspersky Lab has detected a new mobile Trojan that targets Android devices while camouflaged as an innocent game of Tic-Tac-Toe. The Gomal Trojan collects info about the devices it infects and sends all that data to its master server. But this malicious program also has new functions that are rarely seen in this type of malware.

Gomal camouflage

Gomal has all the usual spyware functionality. It can record sounds, process calls and steal SMS. In addition it possesses mechanisms that provide access to various Linux services, attacking the operating system on which Android is based. In particular, the Trojan can read the process memory, jeopardizing many communication applications. For example, it can steal emails from Good for Enterprise. That application is positioned as a secure email client for corporate use, so data theft here could mean serious problems for the company where the device owner works.

“This seemingly harmless game of TicTacToe gives cybercriminals access to an enormous amount of the user’s personal data and corporate data belonging to his employer. The techniques used by Gomal were originally implemented in Windows Trojans, but now we can see they have moved on to Android malware. What’s more alarming is that this technique can adapted to steal data from other applications as well as Good for Enterprise – it is likely that a range of mobile malware designed to attack popular email clients, messengers and other programs will appear in the near future” , says Anton Kivva, antivirus analyst at Kaspersky Lab.

To reduce the risk of infection by mobile malware we recommend that users:

• Do not activate the "Install applications from third-party sources" option
• Only install applications from official channels (Google Play, Amazon Store, etc.)
• When installing new apps, carefully study which rights they request
• If the requested rights do not correspond with the app's intended functions, do not install the app
• Use protection software