Security experts warn of increase in Android malware

Symantec has reported an increase in malware targeting the Android mobile operating system via hacked legitimate applications.

The security firm said that the most recent example is the Android.Pjapps Trojan, which is propagated through third-party download sites that offer " altered versions" of applications and enrol compromised smartphones into a botnet.

Android.Pjapps mimics an application called Steamy Window that "mists up" a smartphone screen.

But the Trojan is also able to install other applications, redirect to malicious web sites, add bookmarks, send and block text messages and relay sensitive information back to the attacker.

"Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed," said Symantec security engineer Mario Ballano in a blog post.

"However, during installation it is possible to identify the malicious version by the excessive permissions it requests."

Symantec suggested that the Trojan is designed to promote advertising campaigns or redirect calls to third-party premium rate services.

However, Symantec found that many of the redirected URLs point to sites that are not live, while others, including an Xbox parsing code, appear to be red herrings.

Symantec urged Android smartphone users to download applications only from official marketplaces, to regularly check handset settings and to stop non-market applications from being installed.

"Lastly, always check the access permissions being requested during the installation of any Android application. If they seem excessive for what the application is designed to do, it would be wise to stop installing the application," said Ballano.