Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

Lime Pop: The Next Android.Enesoluty App

Created: 25 Mar 2013 05:25:06 GMT • Updated: 23 Jan 2014 18:08:39 GMT
Joji Hamada's picture
+2 2 Votes
Login to vote

The gang that maintains Android.Enesoluty has been busy since last summer registering over one hundred domains used to host app sites and sending spam from these domains. It is now apparent that the group is also still busy developing malware variants. Several days ago, Symantec discovered a new variant of Android.Enesoluty.

As is the case with its predecessors, spam with a link to the app page is sent to potential victims.

spam.png

Figure 1. Spam used to lure potential victims to the app page

The new malicious app hosted on the app page is called Lime Pop, which (not so?) coincidently is almost identical to the name of a very popular game app. Like previous variants, the page has a link at the very bottom to an end user license agreement (EULA) that states that the app may upload personal information from the device. We assume the agreement is there for legal purposes.

site.png

Figure 2. App page that includes a EULA

Though this is a new variant of Android.Enesoluty, the only difference from previous variants is the cosmetic changes made to the malware. The GUI has been replaced to look like a game rather than a battery saver, reception improver, or a security app, which were skins used by previous variants. When the app is launched, it states that the game is attempting to connect to the game server. Seconds later, it instructs the user to check network connectivity. While this is happening, the Contact details are uploaded to the scammers’ server.

app.png

Figure 3. Skin used by latest variant

The source code is almost identical to other variants and new functionality or improvements have been added.

While this scam is almost entirely limited to people living in Japan, all Android users should still nonetheless be wary of scams such as this one. As you can tell from reading this blog, there are no new tricks involved here.  It is the same old game, but just another new weapon added to the arsenal. When looking for apps, Symantec recommends downloading them only from trusted sources. Think twice before clicking on links in emails and SMS messages that are trying to persuade you to download apps, and install a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device.  For general safety tips for smartphones and tablets, please visit our Mobile Security website.