With great popularity comes greater progress, but also greater problems. This is certainly the case with the over-the-top (OTT) messaging market, and has definitely been the case with KakaoTalk lately, although other messaging apps on Android are every bit as vulnerable to malicious attacks. As such, users on KakaoTalk should not feel any more threatened than users of any other messaging application.
There are many different ways hackers go about gaining access to a user’s device, and one of the most common is to take a normal, legitimate version of an app, add malicious code to it, and then distribute it via email, which is precisely what has been occurring with the latest Trojan targeting KakaoTalk and its users. The Trojan has been detected by Trojan eradication specialists Trend Micro as ANDROIDOS_ANALITYFTP.A.
Most Android apps are written using the Java programming language, which makes it easier for attackers to add malicious code. ANDROIDOS_ANALITYFTP.A seems to be a Trojanized app that can be used by eavesdroppers. This app regularly sends out contact information, text messages, and some phone settings to a command-and-control server, from which the attacker can retrieve them.
By examining the details of the app, one can see the differences between the legitimate app and the modified one. Details like the country in which it was based, the serial number, and the organization name will all appear different. Trojan versions of KakaoTalk will also ask users for more permissions than the legitimate version.
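The comparison described above can be scripted against a known-good copy of the app. The following is an added example, not code from the original article or from Trend Micro. It assumes the country, organization and serial number are read from the APK signing certificate as printed by `keytool -printcert -jarfile`, and the permissions from `aapt dump permissions`; all sample values and the package name `com.example.messenger` are constructed.

```python
import re

# Constructed sample text (not from a real app), in the shape printed by
# `keytool -printcert -jarfile app.apk` and `aapt dump permissions app.apk`.
GOOD_CERT = "Owner: CN=Example Messenger, O=Example Corp, C=XX\nSerial number: 4c2f9a1b\n"
SUSPECT_CERT = "Owner: CN=Unknown, O=Unknown, C=YY\nSerial number: 51A3E7D0\n"
GOOD_PERMS = ("package: com.example.messenger\n"
              "uses-permission: name='android.permission.INTERNET'\n"
              "uses-permission: name='android.permission.READ_CONTACTS'\n")
SUSPECT_PERMS = GOOD_PERMS + ("uses-permission: name='android.permission.READ_SMS'\n"
                              "uses-permission: android.permission.READ_PHONE_STATE\n")

def parse_signer(keytool_text):
    """Pull country, organization and serial number out of keytool output."""
    fields = {}
    owner = re.search(r"^Owner:\s*(.+)$", keytool_text, re.M)
    if owner:
        # Split the distinguished name only at commas that start a new KEY= pair.
        for part in re.split(r",\s*(?=[A-Z]+=)", owner.group(1)):
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    serial = re.search(r"^Serial number:\s*([0-9A-Fa-f]+)", keytool_text, re.M)
    return {"country": fields.get("C"),
            "organization": fields.get("O"),
            "serial": serial.group(1).lower() if serial else None}

def parse_permissions(aapt_text):
    """Collect requested permissions; accepts name='...' and bare-name lines."""
    pattern = r"^uses-permission:\s*(?:name=')?([\w.]+)"
    return set(re.findall(pattern, aapt_text, re.M))

def compare_apks(good_cert, good_perms, suspect_cert, suspect_perms):
    """Report signer fields that differ and permissions the suspect adds."""
    good, suspect = parse_signer(good_cert), parse_signer(suspect_cert)
    mismatched = [f for f in ("country", "organization", "serial")
                  if good[f] != suspect[f]]
    extra = sorted(parse_permissions(suspect_perms) - parse_permissions(good_perms))
    return {"signer_mismatch": mismatched, "extra_permissions": extra}

if __name__ == "__main__":
    print(compare_apks(GOOD_CERT, GOOD_PERMS, SUSPECT_CERT, SUSPECT_PERMS))
```

Any entry in `signer_mismatch` means the file was not signed with the key used for the known-good copy, which is reason enough to reject it regardless of the permission list.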
Fake apps, such as the “KakaoTalk Security Plugin” app (ANDROIDOS_FAKEKKAO.A) that hit users a month ago, are also a popular way for attackers to gain access to user information. The attackers in this case used a hacked Google Play developer account to distribute an app that contained ads for a number of apps, including the aforementioned fake KakaoTalk Security Plugin. Once installed, the app reads user address book info and sends messages to all contacts in the device.
As with most Android malware, spyware, virus, and Trojan threats, the most effective way to avoid being hit by these particular issues is to not download apps from outside Google Play or Amazon App Store. While this is certainly not going to prevent all malicious content from reaching your devices through apps, it can go a long way toward keeping the vast majority of malicious code from getting into and gaining access to your device.