A new Android malware threat that emerged on the weekend uses a pirated and trojanised version of a popular Islamic compass application to distribute links to political propaganda.
The app, dubbed Android.Arspam by Symantec, has so far seen only limited distribution targeted at the Middle East, but it does represent the early stages of politically-motivated hacking (hacktivism) moving to mobile platforms, and Android in particular.
Android.Arspam includes mass-mailer and download functions, and expanded permissions when compared with the original app. It starts a service called "alArabiyyah", which sends an SMS to every contact in the infected device's address book, linking to one of eighteen forum sites.
The content at all eighteen sites is an identical tribute to Mohamed Bouazizi, the Tunisian street vendor who set himself on fire on 17 December 2010 — triggering the Tunisian Revolution.
Additionally, if the compromised device reports itself as being from Bahrain, Android.Arspam attempts to download a PDF file of the Bahrain Independent Commission of Inquiry's report on allegations of human rights violations in that country. The PDF does not appear to contain any malicious code.
"For many across the Arab world, December 18, 2010, marked the birth of what has now come to be commonly known as 'The Arab Spring'," wrote Symantec researcher Irfan Asrar in a blog post today.
"Even the availability of cheap cell phones has played in the role of the uprisings in the Middle East. In a way, this threat is a testament to the rise of Hacktivism 2.0."
"The message may be something many will sympathize with, [but] this doesn’t mean it’s a victimless crime," Asrar wrote, as the user who installs the trojanised app will end up paying for the messaging.
According to Symantec, the malicious app was only distributed through forums focusing on Middle Eastern issues. The official version of the app, available on the Android Market, is not affected.