New Year coming up, there's naturally a lot of well wishes and holiday greetings being messaged around. Looks like somebody's decided to join in (a little late) — and also do a bit of data harvesting at the same time.
F-Secure researchers have spotted a malware application(na masquerade as greeting-sending applicaion that lets you send witty/sweet/funny messages to your contact. On execution, it displays a list of text messages that fall into different categories: new year wishes, friendship, love and jokes
When the user selects one of messages, the app prompts a dialog box asking for the next action: Contact, Edit or Cancel.
If Contact is chosen, the app tries to read the stored contact data. Presumably, it needs to know to whom to send the message.
Researchers tested the application with a test phone that has bogus contacts present, no text message was sent then either — AdBoo only produces a dialog box with the message "Sending fail"
When analyzing the app, researchers noticed that the app did do something else though. On selecting the Contacts options, it silently obtained the following information from the device:
1) Phone Model
2) Android Version
3) Phone number
4) International Mobile Equipment Identity (IMEI) number
The harvested details are then forwarded to remote server.
Incidentally, looking at the certificate for this variant of AdBoo, it appears to be from the same developer as Zsone.A.