To Top

Android malware DDSpy acts as Gmail and steals user data

If you are an Android user, you need to be careful, because the open source operating system is not completely safe. Cases of malware and virus appearing on Android has occurred before, and here it is again. This time the malware pretends to be Google’s Gmail app and steals user’s data. If you find an extra Gmail app in your app drawer without an icon, then your Android smart phone or tablet is affected and probably is under the observation of the malware’s developer(s).

The DDSpy malware is programmed to collect user’s data such as call logs, SMS messages, recorded voice calls, emails, and much more and then upload it to a server. The developers of the malware can then use this data, monitor it and use it the way they wish. This could be very dangerous if you are dealing with your bank accounts, credit card PIN numbers, and the like on your smart phone or tablet.

I have seen people saving their bank account details and credit card PIN numbers on their smart phones in the form of text files for easy reference when in need. Such actions could be very dangerous. Daily Tech details how the malware works:

The malware, called DDSpy, acts like a Gmail service in Android gadgets. However, users will not see an icon for DDSpy — it works by hiding in the app list and waiting for commands from a remote server via SMS. These commands include “BOOT_COMPLETED,” “SMS_RECEIVED,” and “PHONE_STATE.”

Once DDSpy is given these commands, the malware can begin uploading the Android user’s SMS records, call log and vocal records. DDSpy is capable of configuring the uploading email address on the device and figuring out what content to steal. It also records calls when it detects outbound calls and when it’s configured by SMS. From there, the recorded files are stored in SDCard/DCIM/.thumbnails/directory.

DDSpy has a default uploading mode coded into it where it sends its collected information to an email address at a certain time each day.

NQ Mobile Security has been successful in detecting the app as malicious and dangerous and also warning the user that there is something creepy happening on the smart phone. This incident also shows that NQ Mobile Security is a good enough security app to have on your smart phone. Do give it a try, and be careful.

More in Android