Share this Story

New Type Of Android Trojan Charges For Premium SMS Services

GG Tracker is a new Trojan which has recently been discovered by the lovely people over at Lookout. If users are infected by the Trojan, they are directed to an imitation of the Android Market on their mobile, to download a free app. Once it is downloaded it unknowingly goes to work by signing you up for a ton of premium SMS services, and it’s all downhill from there. Lookout has done a very extensive write up on what it is, how it works, and how to avoid it. Tim Wyatt of Lookout writes:

Lookout has identified a new Android Trojan, GGTracker, which is automatically downloaded to a user’s phone after visiting a malicious webpage that imitates the Android Market.  The Trojan is able to sign-up a victim to a number of premium SMS subscription services without the user’s consent.  This can lead to unapproved charges to a victim’s phone bill.

Have you all been browsing bad websites? Let me just say that this issue could seriously be alleviated if we all just took two seconds and make sure that what we’re browsing is such a good idea. If you’re on the Android market’s website, you better see “Android Market” somewhere in the URL. 

Above is an example URL taken from the Lookout blog, where the mobile site imitates the Android Market. The first step in making yourself safer against these things, is honestly being aware of their existence. If you’re proactively making sure you’re visiting safe sites, then this issue hopefully will never affect you. Lookout has their own thoughts on how this is happening to victims;

We believe Android users are shown an advertisement that directs them to a malicious website that resembles the Android Market installation screen.

The website entices a user to click-through to download and install an application (in one case, a fake battery optimizer packaged as t4t.pwower.management, and in another a porn app packaged as com.space.sexypic). If the user clicks the install button, the malicious app will begin to download and dialogue appears to direct the user to install via the download notification.

Once activated, GGTracker registers the victim for premium subscription services that would normally require the user to reply or enter a pin on a webpage. Charges may be up to $9.99.

They list a few ways to protect yourself, one of course is Safe Browsing which is included in Lookout’s app for Premium Users. Others include making sure you’re visiting safe sites, and double checking the URLs you are browsing. We have done readers polls before asking if you were all worried about these things, and from the look of it, this is something a few of you are concerned about. So are you going to be more careful? We all have a choice when it comes to these things, so don’t be afraid to do the research and see if downloading a mobile security app is right for you.

Via: Lookout Blog

  • I actually wanted to develop a quick remark to appreciate you for some of the wonderful hints you are giving here. My considerable internet look up has finally been honored with sensible know-how to go over with my friends and classmates. I would believe that we website visitors actually are unquestionably blessed to dwell in a superb site with many lovely professionals with insightful ideas. I feel really happy to have come across your site and look forward to some more excellent times reading here. Thank you once again for all the details.

    Visit my site adverse side effects of ritalin!

  • Thank you Lookout.

  • Thanks so much for providing individuals with remarkably wonderful opportunity to read in detail from this web site. It is always very lovely and stuffed with amusement for me personally and my office friends to search the blog at least three times every week to study the latest secrets you will have. Not to mention, I am also usually contented for the effective knowledge you give. Certain 1 points in this post are in truth the most effective we have had.

    Welcome to my site estradiol low symptoms

  • Thank you so much for providing individuals with a very remarkable opportunity to discover important secrets from here. It’s always so lovely and as well , packed with a lot of fun for me and my office acquaintances to search your blog at the least thrice a week to see the latest guidance you have got. And of course, I am just usually amazed with all the effective inspiring ideas you serve. Certain 4 points in this article are really the best I have had.

    Read more on my blog plavix overdose.

  • Anonymous


  • Photobum769

    why not just track down these folks, put a bullet in their heads, show the video on youtube…problem solved…

    • Anonymous

      Well, you know they’re doing this to make money.  I don’t understand why authorities can’t follow the money trail?  Go to the “premium SMS” vendors, find who got the commission for illegally signing the users up or whatever, and go question that person, right?  Is this a legal loophole, where it’s not technically illegal (yet) to hijack a person’s phone, or something?

  • joesred

    I upgrades my Lookout to Premium…
    you can save $5 of annual prices with promo code


  • Anonymous

    Am I the only one that wonders if Lookout is the one creating these issues and sites in order to sell their “premium” services?

  • The site is suspended and I wanted to download that battery saver to.[/sarcasm]

  • Computer Repair

    Also Checkout this Computer Repair Course ! http://www.v-conntraining.com

  • Anonymous

    If you’re not into premium SMS subscriptions and have no use for them, Verizon can block them for you for free.

    • Khollis33

      yeah, i got signed up for 1 about a year ago and when i found out that they were charging me to get SPAM i had a fit with Verizon, since then, I’ve had permium SMSs blocked and recomend everyone do the same.  Not even sure how i got signed up, i thought it was just random spam.

  • j2d2

    Looks like just a classic case of Carbon-Based Keyboard Error.

  • Battery Saver, huh?

    Surprised it doesn’t have “Gingerbread” or “Honeycomb” available to download.


  • hfoster52

    PEBKAC error

  • I’ve got a themed Android Market, if I see a Green Market I will know its a fake.  Plus the Android market should not have a URL bar.  It’s good to know that these exist though, now I can let my friends (who tend to blindly install apps) know whats up.

  • This is why “Unknown Sources” is unchecked by default. The user has to check this box, ignore a warning, go to the fake market site and grant the application permission to install. This is not an android problem. This is a ignorance problem.

    • Was thinking the same thing.

      • Dope pic, its like cross of Android Andy and Deadmou5

  • Anonymous

    dont forget that this also requires sideloading of an app, which android specifically warns about when turned on.  this is really a matter of people being duped because they are computer illiterate or careless.  this is also one of the reasons why i think it would be better if Google would allow the amazon appstore an excemption in order to allow ppl to use that service without having to open their phones up to sideloading.

  • Anonymous

    So wait, people are being redirected to a browser version of the android market on their phones, but not the market app itself, and people are actually believing it? Wow.

  • guess I better make sure I’m going to legitimate porn sites

    • 😉 +1 good sir

    • Anonymous

      That’s no fun. Who doesn’t like the thrill of nonlegitimate porn stites with the risk of a computer based STD.

  • Anonymous

    ios 1, android 0 when it comes to user security.

    • gregmr

      This is not a Market/Android problem. This ultimately comes down to people getting duped by social engineering.

    • Farter

      aaaaand here come the iphone trolls…

    • Mr.Joe


      iPhone is FAR from not having it’s own security issues.

    • Anonymous

      You’re clueless.

  • Tom