We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below:

Screenshot1

Once you install the app, it looks like a nice app used to install new fonts on your phone:

Screenshot2

Screenshot3

Everything looks legitimate, but if you look in the code you’ll see you could get more than you bargained for:

Screenshot4

The file ikno.apk is spyware that monitors SMS, call logs, and location. The information about your device and various activities is logged through a web portal. This is all described on their webpage:

Screenshot6

The download link in the upper right corner says “Download iKno from the Android Market”, but it is not actually linked to the Android Market. When clicked, the ikno.apk file simply downloads directly from their site. This app is just another reason to have Webroot SecureAnywhere on your phone, catching malware before it can spy on you.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This