Android.Exprespam malware affecting thousands of devices

Symantec has warned that a new piece of Android spam may have already stolen thousands of pieces of information from infected devices in just two weeks.

The Android.Exprespam spam was discovered by Symantec earlier in January and is believed to have been active for just two weeks.

Despite its brief period of activity Symantec analyst Joji Hamada said there is evidence the malware has already stolen hundreds of thousands of files from infected devices.

"The data obtained, which is only a portion of the complete data, indicates that the fake market called Android Express's Play has drawn well over 3,000 visits in a period of a week from 13 January to 20 January," wrote Hamada.

"Based on several sources, I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information."

The Android.Exprespam is a malicious app available on a number of third-party Android stores. The app is designed to steal information stored on the infected Android tablet or smartphone and send it to a remote location controlled by the criminals.

Hamada warned that the scammers' success would likely spur the authors to escalate their efforts.

"The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially," wrote Hamada.

"As proof of this, we have found yet another domain registered by the creators of Exprespam and they also created another version of their fake market on the new domain. The scammers are constantly modifying their tactics so that the scam provides a good ‘return' for them."

Hamada was quick to note that the figures are currently just estimates and the exact infection remains unknown.

The Trojan app is one of many targeting the Android ecosystem. F-Secure security chief Mikko Hypponen has in the past attributed the increased levels of malware targeting Android to its open nature.