Android keylogger hack might make you shake every time your phone vibrates

Innovative spyware, politically motivated malware are changing the risks for cell phones.

Malware and virus writers have turned some kind of corner.

A pair of University of California security researchers created an Android app called TouchLogger that can match the phone's vibration every time you hit a touchscreen key with the particular key you hit.

[Remind everyone you know: malware kills computers, smartphones are computers and Spike in mobile malware doubles Android users' chances of infection]

With a 70 percent accuracy rate, TouchLogger works as a keylogger that never has to actually record the keystrokes you make on your Android device. It only needs you to give it permission to use the motion sensors, which should make it sound relatively safe.

Some copies of one version (Beta 0.981) of the game Dog Wars is also infected with the "Dogbite" trojan that sends a text message to everyone in your contact list that says "I take pleasure in hurting small animals, just thought you should know that."

It also tries to sign the user up for text alerts from People for the Ethical Treatment of animals.

That makes the malware sound like a political stunt from PETA aimed at people committing virtual violence on dogs (though any punishment should be for anyone playing "Dog Wars" without knowing absolutely that dogs are incapable of large-scale violence simply because there would never be enough of them willing to stop eating, sleeping, sniffing each other or chasing things that looked like they moved, but didn't to get any kind of real combat going).

Malware writers are going out of their way to make political points using malware, though, according to Symantec.

One version of the paid edition of the Walk and Text app – which activates the camera on the back side of the phone so you can see on the screen where you're going while you thumb-type with your head down – sends a message out to all your contacts saying you download software illegally from unauthorized sites.

Symantec researchers don't think PETA or any other animal-rights group had anything to do with the Dog Wars trojan (or the Walk and Text, for that matter).

"In spite of the fact that few clues have been left behind, we have no reason to believe that PETA had anything to do with this app, and that it is most likely the work of someone attempting to associate the app with PETA or to gain sympathy by the association," the report said.

Some did suggest there may be more attempts at influencing political or social-issue thinking by using infected mobile devices to send targeted messages and embarrass their owners.

Malware writers aren't famous for sharing common political stances, despite the apparently pro-PETA hack.

If there's one thing malware writers care about, it's getting paid. Since that was the gist of the Walk and Text malware trick – embarrassing people who download software without paying for it – we may see more of that from commercial app developers and the Business Software Alliance as well.

The BSA has a lot of lobbying positions, but getting paid as much as possible for their software is the one closest to whatever it uses for a heart.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies