Fake Android Facebook Messenger App infects with Ramnit Trojan

Hundreds of Android users were confronted by the infamous Ramnit Trojan [1] after they have downloaded an app called “Messenger super lite free” on their devices [2]. The security experts have caught this malicious application spreading via Google Play store, and although the virus was quickly removed from the platform, its victims are still dealing with some very unpleasant consequences. This virus was initially designed to infect computers, but its developers simply couldn't bear the idea of leaving the vast smartphone and tablet market uncapitalized. Eventually, they have tailored the malware to execute its script on Android OS and started distributing it hidden inside the fake Facebook Messenger App. The application was promoted as a lightweight alternative to the original Facebook Messenger [3], and its description even featured the famous Facebook slogan “Free and always will be.”

Image of the Ramnit Trojan

Sadly, the real purpose of the program is far removed from the free and easy social communication service. In reality, it tracks and records all data input on the device and continuously transfers it to the malicious Command & Control server [4]. The criminals anticipate that the gathered data would reveal some of the victim’s sensitive information, including credit card numbers, banking credentials, social media or email account login details. Later on, this data can be synthesized to fake an identity [5], break into the victims’ bank accounts and rob them, to put it bluntly. Besides, the hackers behind Ramnit can also control the infected device remotely — take real-time snapshots of the device screen, delete or add new data, install and uninstall applications. This way, victim’s privacy and data security is exploited to even greater extent.

The new infiltration strategy that Ramnit Trojan has embraced is not something security experts haven’t seen before. Scammers have already been successful in spreading malware-ridden applications disguised under the names of popular applications such as Pokemon Go or Mario Run. So, although Facebook Messenger App has been terminated, it is unlikely that Ramnit developers will stop just there. Thus, it is highly recommended to stay vigilant even when downloading software from such respectable download sources as Google Play store. A quick advice for you: do not trust the ratings! Malware developers often rig them so that their evil creations would appear more trustworthy and would generate more downloads. Instead, look through the review section and check whether it contains any detailed and in-depth reviews of the application. If the great majority of the comments you see are very abstract, for instance, “Amazing!”, “Great app!”, etc., — they are probably fake, and you should stay away from the app.

About the author
Lucia Danes
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions