Anti-Obama Android Trojan horse poses as Jay-Z app, spies on users, triggers on July 4th

If you’re a fan of rapper Jay-Z, and are comfortable installing apps onto your Android from non-official sources, then you should probably be on your guard.

Jay-Z releases a new album in a few days called “Magna Carta Holy Grail”, but if you own a Samsung Galaxy S4, S3 or Note 2 you can get your hands on it early by downloading the album’s Android app from the official Google Play store.

A Trojanised version of Jay-Z’s Magna Carta Holy Grail app has been discovered by researchers at McAfee on non-official Android app sites, presumably placed there in an attempt to lure fans who do not have Samsung devices.

Interestingly, the Trojan horse – which McAfee is calling Android.AntiObscan – has something to say about the recent accusations that the NSA was spying on internet users with its PRISM project.

Android malware payload

The app starts a service called “NSAListenerService” which, according to McAfee, silently sends information about the infected device to an external server every time the phone restarts. The Trojan horse then attempts to download and install additional code.

On July 4th, however, it rather gives the game away – changing the infected device’s wallpaper to an iconic image of Barack Obama wearing headphones under a banner of “YES WE SCAN” with the subheadline “We are watching you”.

Clearly if the app was *really* engineered by the NSA for the purposes of spying on people, the last thing it is likely to do is announce the fact on the United States’ Independence Day!

What we have here appears at first glance to be old-school politically-motivated malware, designed to make a point and spread a message rather than necessarily make money for its creators.

However, the fact that McAfee claims that some information is shared with a third-party server and the malware downloads additional code does raise alarm bells.
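A triage check for the behaviour McAfee describes, as an added example that is not code from McAfee or from this article: it inspects a decoded AndroidManifest.xml for the reported service name, for boot-time start combined with network access, and for the ability to change the wallpaper. The article does not say how the Trojan registers to run on restart, so the boot receiver, the permissions checked, the finding codes and the sample manifest are all assumptions.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
SERVICE_IOC = "NSAListenerService"  # service name reported in the article
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample: a decoded manifest as a tool such as apktool would emit.
# Package and receiver names are invented; this is not the real sample's manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application>
    <service android:name=".NSAListenerService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Return (code, detail) findings for a decoded AndroidManifest.xml."""
    # For manifests from untrusted APKs, prefer a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(NAME, "") for p in root.iter("uses-permission")}
    findings = []
    # 1. Exact indicator: the service class name given in the report.
    for svc in root.iter("service"):
        full = svc.get(NAME, "")
        if full.split(".")[-1] == SERVICE_IOC:
            findings.append(("ioc-service", full))
    # 2. Behavioural: code that starts on every restart and can reach the network.
    boot = [r.get(NAME, "") for r in root.iter("receiver")
            if any(a.get(NAME) == BOOT_ACTION for a in r.iter("action"))]
    if boot and "android.permission.INTERNET" in perms:
        findings.append(("boot-network", ", ".join(boot)))
    # 3. Behavioural: the app is allowed to change the device wallpaper.
    if "android.permission.SET_WALLPAPER" in perms:
        findings.append(("wallpaper", "android.permission.SET_WALLPAPER"))
    return findings

if __name__ == "__main__":
    for code, detail in triage_manifest(SAMPLE_MANIFEST):
        print(f"{code}: {detail}")
```

Only the service-name match is specific to this Trojan; the other two findings also occur in legitimate apps and are useful mainly in combination.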

The official Play store, governed by Google, hasn’t been entirely successful at keeping malware out of it in the past – but it is certainly a safer place to get your apps than some of the third-party unofficial Android marketplaces out there.

If you’re a Jay-Z fan, and don’t have a Samsung device, it may be wise to show some patience and wait for the album’s wider release rather than risk infecting your phone.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
