An unusual Android Trojan appears lurking, embedded in a pirated version of a legitimate music app.
The app in question is Jay Z Magna Carta, which is now available on Google Play, and allowed users of certain Samsung devices to listen to the rapper’s new album on July 4, three days before the album came out and the rest of the world can hear it, said researchers at McAfee.
The trojanized version is available to download on third party sites, and once installed and run, it doesn’t give any indication it might be malicious. Nevertheless, it works in the background and tries to download and install additional malware and attempts to send device info to a remote server each time the phone restarts.
But on Thursday, July 4, users found the app was not what it purported to be. That date triggered the app to replace the wallpaper on the infected device with an image of President Obama that apparently comments on recent surveillance scandal in the U.S., and to start a “NSAListenerService.”
“The image and the service name NSAListener suggest a hacktivist agenda, but we haven’t ruled out the possibility that additional malware may target financial transactions or other data,” the researchers said.
“Based on the political message and the fact that it was embedded in an app that coincides with the release of Jay Z’s latest album, we suspect the Trojan was recently introduced into the wild,” they said, and urged users to always be careful when downloading apps from unknown or untrustworthy sources.