The newest strain of the Nickispy trojan virus (the first two variations we named Nickispy.A and Nickispy.B respectively) is taking advantage of the rise of Google+ to attack phones, Trend Micro discovered Friday.
While the three variants of Nickispy use many of the same services, the new “C” version calls itself Google++ and uses the social network’s icon for virtually all of its services to take advantage of less experienced users. Once it becomes active, it can scrape call logs, text messages, GPS positioning, and even record calls from the infected device and send it to a remote site.
One new trick that separates Nickispy.C from earlier versions .A and .B is its ability to answer calls on its own. If a call comes from a “controller” marked in its configuration file while asleep, it will mask the data to make the phone appear as though it is still on the home screen and will switch the phone to silent to avoid making the owner of the phone suspicious. This trick allows an attacker to listen in on a call in real time instead of just a recording of the conversation at a later date.
It’s not known if Nickispy.C has been found in any Android Market apps or if its exposure has been limited to third-party app stores. While Android 2.3 included a fix that blocked the ability to change the phone state without consent, any device using Android 2.2 or earlier is still vulnerable to Nickispy.C and the problems that the virus can cause.