Android.Exprespam Malware

• Android malware that collects personal data, but does not deter others to lure Android device owners to their malware.

Description

It is new malware, detected as Android.Exprespam, that collects personal data, such as the device owner’s phone number as well as names and email addresses, stored in the Contacts folder of the compromised device.[1]

Android.Exprespam seems to be having a lot of success with the malware.  Acquired data shows how successful Exprespam may be in scamming Android users into providing personal data. The scammers are constantly modifying their tactics so that the scam provides a good “return” for them. These updates will not end until the scammers are caught, which are unlikely to happen anytime soon. Android users can stay safe by avoiding links in emails you receive from unknown sources, by downloading apps from well-known and trusted app vendors, and by installing a security app

To estimate how much personal information may have been stolen, suggests that about 11.8 million pieces of personal data from 90,000 devices were stolen. That figure is 150 pieces of personal information per device.

Executive Guidance

Legal means may not be able to stop so it is up to individual Android device owners to protect their information as well as their friends’ and family’s information. Never click on links received in emails from unknown sources trying to persuade you to download apps. It would be best to not open emails from any unknown sender. 

---

[1] http://www.symantec.com/connect/blogs/malware-authors-create-androidexprespam-after-prosecutors-drop-case