Anti-Obama Android Trojan horse poses as Jay-Z app, spies on users, triggers on July 4th


If you’re a fan of rapper Jay-Z, and are comfortable installing apps onto your Android from non-official sources, then you should probably be on your guard.

Jay-Z releases a new album in a few days called “Magna Carta Holy Grail”, but if you own a Samsung Galaxy S4, S3 or Note 2 you can get your hands on it early by downloading the album’s Android app from the official Google Play store.

A Trojanised version of Jay-Z’s Magna Carta Holy Grail app has been discovered by researchers at McAfee on non-official Android app sites, presumably placed there in an attempt to lure fans who do not have Samsung devices.

Interestingly, the Trojan horse - which McAfee is calling Android.AntiObscan - has something to say about the recent accusations that the NSA was spying on internet users with its PRISM project.

Android malware payload

The app starts a service called “NSAListenerService” which, according to McAfee, silently sends information about the infected device to an external server every time the phone restarts. The Trojan horse then attempts to download and install additional code.

On July 4th, however, it rather gives the game away - changing the infected device’s wallpaper to an iconic image of Barack Obama wearing headphones under a banner of “YES WE SCAN” with the subheadline “We are watching you”.

Clearly if the app was *really* engineered by the NSA for the purposes of spying on people, the last thing it is likely to do is announce the fact on the United States’ Independence Day!

What we have here appears at first glance to be old-school politically-motivated malware, designed to make a point and spread a message rather than necessarily make money for its creators.

However, the fact that McAfee claims that some information is shared with a third-party server and the malware downloads additional code does raise alarm bells.
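A static triage check for the behaviour McAfee describes (starting on restart, network access, wallpaper change), as an added example that is not McAfee's or this article's code. It runs over a constructed, decoded AndroidManifest.xml; only the service name comes from the article, and the package, receiver name and permission set are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest. Only "NSAListenerService" is taken from the
# article; package, receiver name and permissions are assumptions.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.albumapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".NSAListenerService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings (in check order) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    # Short permission names, e.g. "INTERNET"
    perms = {p.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    # Receivers that are woken when the phone finishes booting
    boot_receivers = [r.get(ANDROID + "name") for r in root.iter("receiver")
                      if any(a.get(ANDROID + "name") == BOOT_ACTION
                             for a in r.iter("action"))]
    services = [s.get(ANDROID + "name") for s in root.iter("service")]
    findings = []
    if boot_receivers and "RECEIVE_BOOT_COMPLETED" in perms:
        findings.append("boot-persistence: " + ", ".join(boot_receivers))
    if boot_receivers and services and "INTERNET" in perms:
        findings.append("boot-started service with network: " + ", ".join(services))
    if "READ_PHONE_STATE" in perms and "INTERNET" in perms:
        findings.append("can read device identifiers and send them out")
    if "SET_WALLPAPER" in perms:
        findings.append("can change wallpaper (unexpected for a music app)")
    return findings

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

None of these findings proves an app is malicious on its own; the combination in a sideloaded music app is what warrants a closer look.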

The official Play store, governed by Google, hasn’t been entirely successful at keeping malware out in the past - but it is certainly a safer place to get your apps than some of the third-party unofficial Android marketplaces out there.

If you’re a Jay-Z fan, and don’t have a Samsung device, it may be wise to show some patience and wait for the album’s wider release rather than risk infecting your phone.
