The gang that maintains Android.Enesoluty has been busy since last summer registering over one hundred domains used to host app sites and sending spam from these domains. It is now apparent that the group is also still busy developing malware variants. Several days ago, Symantec discovered a new variant of Android.Enesoluty.
As is the case with its predecessors, spam with a link to the app page is sent to potential victims.
Figure 1. Spam used to lure potential victims to the app page
The new malicious app hosted on the app page is called Lime Pop, which (not so?) coincidently is almost identical to the name of a very popular game app. Like previous variants, the page has a link at the very bottom to an end user license agreement (EULA) that states that the app may upload personal information from the device. We assume the agreement is there for legal purposes.
Figure 2. App page that includes a EULA
Though this is a new variant of Android.Enesoluty, the only difference from previous variants is the cosmetic changes made to the malware. The GUI has been replaced to look like a game rather than a battery saver, reception improver, or a security app, which were skins used by previous variants. When the app is launched, it states that the game is attempting to connect to the game server. Seconds later, it instructs the user to check network connectivity. While this is happening, the Contact details are uploaded to the scammers’ server.
Figure 3. Skin used by latest variant
The source code is almost identical to other variants and new functionality or improvements have been added.
While this scam is almost entirely limited to people living in Japan, all Android users should still nonetheless be wary of scams such as this one. As you can tell from reading this blog, there are no new tricks involved here. It is the same old game, but just another new weapon added to the arsenal. When looking for apps, Symantec recommends downloading them only from trusted sources. Think twice before clicking on links in emails and SMS messages that are trying to persuade you to download apps, and install a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device. For general safety tips for smartphones and tablets, please visit our Mobile Security website.