You’ve heard of a Trojan horse, but have you heard of a Trojan My Little Pony? Trojan Snoopy? Trojan Hello Kitty? Android users who wanted wallpapers of these cuddly characters ended up falling for the classic Greek trick: Opening the door for something seemingly innocuous and getting something far more malicious inside.
At the Black Hat Security Expo in Las Vegas, a company that makes security for mobile phones, Lookout, revealed that wallpaper apps allegedly downloaded by over a million Android users has been covertly collecting user info and sending it to China.
The apps all come from the company Jackeey Wallpaper, which has created individual apps offering everything from NASA and Linux wallpapers to Gundam and Dragonball Z wallpapers. Although the company offers 72 apps in total, it isn’t known whether all were affected by the apparent security breach.
While early reports suggested the app could steal a phone’s browsing history, text messages, SIM card data, subscriber ID, phone number and your voicemail password, Lookout has since clarified that the permissions granted to the app wouldn’t have been able to access so much: only your phone number, subscriber identifier, and voicemail number.