BBC writes smartphone spyware, and Android malware developments

BBC technology correspondent Mark Ward has shown TV viewers today how easy he found it to create spyware that could steal contacts and SMS text messages from a smartphone.

The good news is that the BBC doesn’t appear to have broken any laws (unlike when the BBC Click programme controversially hijacked a botnet of 22,000 computers and told them to each send 500 spam emails).

In this latest broadcast, Mark Ward’s smartphone spyware – which was disguised as a crude noughts-and-crosses game – was not uploaded to an app store, and was only downloaded onto a single handset. In other words, it appears to have been a “laboratory” experiment done as a proof-of-concept.

Of course, it didn’t prove anything that we didn’t already know – but there’s no denying that it will have helped raise awareness amongst some people that care needs to be taken over which applications are run on a smartphone, just as it should be over what programs are installed on a Windows PC or Mac.

Sign up to our free newsletter.
Security news, advice, and tips.

Android malware
Coincidentally, today our friends at Kaspersky are reporting on an Android Trojan horse that sends SMS text messages to a premium-rate number.

From the sound of things, the malware is only likely to be a concern to Russian smartphone owners – but we are currently analysing our sample and will be issuing detection as Troj/Fakplay-A.

It appears that the Android malware is very simple, and was specifically made for the Russian market. For instance, when run it displays a message in Russian which says something like “Press OK to access the video <name>”.

The Fakplay Trojan horse wasn’t distributed via the Android Marketplace – meaning that only users who were tempted into installing an unauthorised “Movie Player” app could have been exposed to the risk of infection.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.