What the malware creators intend to do with the privacy-invading information is still an unknown. The app runs in the background and appears on the smartphone or tablet as an icon with the word “store” written on it.
The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device’s Wi-Fi connection and scan for access points. All the data is transmitted to the remote server via the device’s Internet connection.
“Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them,” BitDefender said in a blog post on Tuesday.
The lightweight spyware has no user interface and transmits location information every couple of seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps.
Whether it’s spyware or another type of malicious app, the number of mobile malware is soaring. The rate of growth last year was 155 percent over 2010, according to Juniper Networks. During the first quarter of this year, the year-to-year increase was 30 percent, with spyware alone doubling. Most mobile malware is targeted at Android, the leading smartphone operating system.
The proposed class action, filed in a Seattle federal court on Wednesday, states Microsoft intentionally designed camera software on the Windows Phone 7 operating system to ignore customer requests that they not be tracked.
A Microsoft representative could not immediately be reached for comment.
The lawsuit comes after concerns surfaced earlier this year that Apple’s iPhones collected location data and stored it for up to a year, even when location software was supposedly turned off. Apple issued a patch to fix the problem.
However, the revelation prompted renewed scrutiny of the nexus between location and privacy. At a hearing in May, U.S. lawmakers accused the tech industry of exploiting location data for marketing purposes — a potentially multibillion-dollar industry — without getting proper consent from millions of Americans.
The lawsuit against Microsoft cites a letter the company sent to Congress, in which Microsoft said it only collects geolocation data with the express consent of the user.
“Microsoft’s representations to Congress were false,” the lawsuit says.
The litigation, brought on behalf of a Windows Phone 7 user, claims Microsoft transmits data — including approximate latitude and longitude coordinates of the user’s device — while the camera application is activated. It seeks an injunction and punitive damages, among other remedies.