Hactivism goes mobile with Android.Arspam

Face Mecca, pray, SMS spam all the propaganda

A new Android malware threat that emerged on the weekend uses a pirated and trojanised version of a popular Islamic compass application to distribute links to political propaganda.

The app, dubbed Android.Arspam by Symantec, has so far seen only limited distribution targeted at the Middle East, but it does represent the early stages of politically-motivated hacking (hacktivism) moving to mobile platforms, and Android in particular.

Android.Arspam includes mass-mailer and download functions, and expanded permissions when compared with the original app. It starts a service called "alArabiyyah", which sends an SMS to every contact in the infected device's address book, linking to one of eighteen forum sites.

The content at all eighteen sites is an identical tribute to Mohamed Bouazizi, the Tunisian street vendor who set himself on fire on 17 December 2010 — triggering the Tunisian Revolution.

Additionally, if the compromised device reports itself as being from Bahrain, Android.Arspam attempts to download a PDF file of the Bahrain Independent Commission of Inquiry's report on allegations of human rights violations in that country. The PDF does now appear to contain any malicious code.

"For many across the Arab world, December 18, 2010, marked the birth of what is now come to be commonly known as 'The Arab Spring'," wrote Symantec researcher Irfan Asrar in a blog post today.

"Even the availability of cheap cell phones has played in the role of the uprisings in the Middle East. In a way, this threat is a testament to the rise of Hacktisivm 2.0."

"The message may be something many will sympathize with, [but] this doesn’t mean it’s a victimless crime," Asrar wrote, as the user who installs the trojanised app will end up paying for the messaging.

According to Symantec, the malicious app was only distributed through forums focusing on Middle Eastern issues. The official version of the app, available on the Android Market, is not affected.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags malwareAndroidhactivismandroid malwareAndroid.Arspam

More about MeccaSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Stilgherrian

Latest Videos

More videos

Blog Posts