A Tracking Trojan For Android

Here an article about how a Trojan for Android works by Dinesh Venkatesan. (This article was posted with full permission from the original author.)

By Dinesh Venkatesan,

I have observed another piece of Malware for Android platform that tracks the physical location of the victim mobile phone.

This Malware, known as TapSnake, doesn’t appear to be financially motivated but it certainly is a threat to privacy. By tracking the physical location of the phone the attacker can track the whereabouts of the phone’s owner.

TapSnake requires manual installation of by the victim to get installed and in classic Trojan tradition the threat masquerades as a game. Fig.1 shows the application installed in controlled environment.

Tap Snake – Installed In Controlled Environment

Once, the user invokes the game, it turns up the following gaming interface [Fig.2].

Tap Snake – Game In Action

While nothing seems malicious so far, in the background the application registers a LocationListener object that sends a message about the location of the victim. The following code taps every locationChanged event [Fig.3]

Tap Snake – Event Handler Location

The logic in this case is pretty much simple. The payload component registers a event handler that gets triggered for every location change event and the definition of the event handler is responsible for tracking the victim [Fig.4].

Tap Snake – Key Code Fragments

As always, we request the users to be cautious while installing any untrusted application. Even if the application is trusted, the user should be paying attention about to the access requests the software requests to access upon install.