New malware found targeting individuals specifically in the Middle East through an app could
open the door to more malicious attacks
Dubai, United Arab Emirates, 29th December, 2011 – There has been a lot of discussion
regarding the impact of the Internet, social media, and even the availability of cheap cell
phones on the uprisings in the Middle East. Three major themes from 2011 – mobile malware,
hacktivism and the “Arab Spring” – have converged in a new threat dubbed Android.Arspam
by Symantec. Based on our research, the malicious version was only distributed through forums
focusing on Middle Eastern issues, utilizing the open nature of Android operating platforms to
grow and spread the attack by means of ‘Hacktivism.’
Hacktivism is based on an activist agenda where there may be no visible monetary gain by
the instigator. Instead the overall goal is to send a message or get a point across. Even though,
on occasion, the message may be something many will sympathize with, this doesn’t mean
it’s a victimless crime. In many cases, the cost of getting an agenda across may involve using
resources, even people without consent.
“The Middle East has undoubtedly seen a rise in hacktivism and cybercrime in 2011, not only is it
an emerging market that has great financial appeal for cybercriminals but the region plays host to
an increasingly connected and mobile online community that offers great scope for those looking
to exploit these devices to reach a wider audience. The ‘Arab Spring’ is just one of many trending
topics that are attracting a higher volume of online traffic which is essentially where the low
hanging fruits lie,” said Bulent Teksoz, Chief Security Strategist, Emerging Markets, Symantec.
“In a way, this threat is a testament to the rise of Hacktisivm. Attacks like Android.Arspam
further offer Hacktivists and cybercriminals targeting this region an opportunity to test and
develop their methods. It is of crucial importance that individuals and organizations secure
themselves across all devices as these ‘gateway’ threats become more sophisticated and
How does it work?
The Android.Arspam Trojan was embedded into a pirated, popular Islamic compass app. The
official version of the app, available on the Android Market, is not affected and, as the screenshot
indicates, this pirated app contains expanded permissions beyond what is requested from the
After the installation of the app, the code goes to work on device start up, silently working in the
background as a service called “alArabiyyah”. It randomly picks one link from a list of eighteen
and then sends out an SMS message to every contact in the address book of the compromised
device, sending them a link to a forum site. Each forum site has identical content and appears to
be a tribute to Mohamed Bouaziz.