A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon.
The Trojan hid itself in applications that promised trailers of upcoming Japanese-language video games, or those that offered scenes from anime or adult Japanese videos, McAfee reported on its blog.
McAfee Mobile Security detects these threats as Android/DougaLeaker.A, the company said.
McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. However, McAfee employee Carlos Castillo reported that users should beware applications like these that promise to display video content, then ask for permissions they shouldn’t otherwise need – in this case, “read contact data” and “read phone state and identity”.
In this case, the app gathers the Android ID – not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device’s first boot and remains with it for the life of the device. The app also harvests the phone’s phone number and contact list, along with every name, phone number, and email of every person in the contact list.
As the data is being harvested, the app displays a “loading” message. If the app is successful at harvesting the data, the video will play; otherwise, an error message is generated, McAfee said.