(PhysOrg.com) -- Lookout Security Firm as identified a new android Trojan named GGTracker that is downloaded to a users phone after visiting a malicious webpage that imitates the Android Market. The Trojan then proceeds to sign up the user to premium SMS services without their knowledge.
The Trojan targets only U.S. Smartphone users when they click on a malicious in-app advertisement. The website lures users to click-through to download and install an application one of which is a fake battery optimizer called t4t.pwower.management, and another is a porn app called com.space.sexypic.
After the application has been installed, GGTracker registers the user for premium subscription services. The Trojan carries out this task by contacting another server in the background where the malicious behavior intercepts crucial confirmation data to charge users without their consent or knowledge.
Lookout advises that users can protect themselves from malicious webpages by taking a few precautions:
After clicking on an advertisement, make sure the page and URL matches the website the advertisement claims its sending you to.
Download apps only from trusted sources. Also look at the developers name, reviews, and star ratings. If you are suppose to be on the Android Market, check the URL to make sure you are on the Market and not redirected to another site.
Always monitor your phone for any unusual behavior like unusual SMS messages, strange charges on your phone bill or unusual network activity. Check all apps running in the background and investigate any that you think should not be running.
Dont download any third party apps by making sure unknown sources is not check off in application settings in your android system.
Download a mobile security app for your phone that scans every app you download to ensure its safe.
Explore further: Android Trojan dubbed ‘Geinimi’ found in legitimate applications
via Lookout Blog