Vulnerabilities / Threats
8/17/2010
01:20 PM
50%
50%

Spyware Hidden In Android Snake Tap Game

Free app is paired with GPS Spy, software that monitors a targeted device's location.

Spyware Hidden In Android Snake Tap Game
(click image for larger view)
Spyware Hidden In Android Snake Tap Game
At first glance, the Android Market game Tap Snake appears to be a free, touchscreen clone of the popular "snake" computer game that dates from the 1970s -- and it is. But that's not all.

"It turns out to be a client for a commercial spying application called GPS Spy," according to Mikko Hypponen, chief research officer at F-Secure.

One giveaway that Tap Snake isn't just a game is that it accesses GPS services. Another is that even if a user attempts to disable the game, it still runs in the background.

According to the developer's description, tracking a phone with GPS Spy requires installing Tap Snake on the target phone and registering an e-mail address in the application, which generates a unique code. Input this code and the related e-mail into GPS Spy, and you can see a trace of the target phone's location for 24 hours, in 15-minute increments.

That's because every 15 minutes, Snake Tap will transmit its location "to an application running on Google's free App Engine service," according to Symantec's Security Response blog. "The silver lining here is that for the application to really be used maliciously, an attacker would need to have access to the phone to install the program."

Alternately, an attacker could trick someone into installing the program as well as accepting the application's requests to use specific APIs. "This would probably require a dash of social engineering as well -- something like 'Hey, let me show you this cool game,'" said Symantec. "Think cheating spouses or keeping tabs on children."

Of course, plenty of applications already provide such functionality, and clearly disclose what they do. In contrast, Snake Tap does not, which is why it's earning a "Trojan application" classification from antivirus providers.

"We expect Google to remove Tap Snake from Android Market soon," said F-Secure's Hypponen. It remains to be seen, however, whether Google might also trigger an Android-wide remote application removal.

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Back Issues | Must Reads
Flash Poll
Video
All Videos
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8899
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.
FULL SCHEDULE | ARCHIVED SHOWS