Top 5 Android Malware Threats
4:00 PM EST Mon. Jan. 28, 2013
Smartphones and tablets running the Google Android platform are most at risk of an attack, according to security experts. More than 70 percent of all Android malware belongs to a few malware families, noted Trend Micro in its 2012 review of mobile and social media threats. The most aggressive malware threats are tied to SMS Trojans, designed to rack up premium text message charges, and to high-risk apps that collect as much user data as possible, the security firm said.
Here's a look at the top five malware threats to hit Google Android devices.
Premium service abusers subscribe users to various "services" that add to their phone bill at the end of the month, according to Trend Micro. This threat ranked as the highest mobile threat type, accounting for 40.58 percent of threats in 2012. A large number of the attacks are labeled as SMS Trojans, designed to send text messages to premium numbers. The premium numbers often charge a costly fee for unwanted services. Security firm F-Secure detected premium service abusers that slipped into the Google Play official Android app market masquerading as free versions of many popular applications. They were quickly removed, but not before being downloaded thousands of times.
Android apps that use abusive advertising tactics ranked as the second-highest mobile threat. Apps tied to aggressive advertising networks accounted for 38.3 percent of Android threats, according to Trend Micro's analysis. Android adware abuse is often tied to apps that manage to display ads outside of the app, using pop-up notifications, browser bookmarks and taskbar notifications. Many of the apps identified as adware tap into contact lists and attempt to collect other personal data without requesting permission from the device user.
Android data stealers often bilk users of information such as their operating system version, product ID, International Mobile Equipment Identity (IMEI) number and other information that could be used in future attacks. Data stealers made up 24.9 percent of all Android threat types in 2012, according to Trend Micro's analysis. DroidDream, detected by researchers at Lookout Mobile Security, Inc. in 2011, gained the most notoriety. The malware was found embedded in more than 50 mobile apps in the official Google Play store. It was believed to have been downloaded 5,000 times before it was removed. The malicious code was designed to break out of Android's application security sandbox to send information from the phone to a remote server. Variants of DroidDream still circulate on third-party Android app stores.
Malicious downloaders accounted for 22.8 percent of all Android threat types in 2012, according to Trend Micro. Once a malicious downloader has infected a victim's Android device, it is designed to contact a remote server to await instructions or download additional Android malware. In July, OpFake malware was seen bundled with a legitimate version of the Opera Mini browser. The designer of the malware mimicked the installation process of the Opera Mini browser, requesting permission from the user to modify rights to SMS and MMS messages, read contacts and modify the contents of the device's SD card. The victim was then prompted with a second permission request to install Opera Mini. A similar tactic was detected in China with as many as 100,000 victims. Once installed, the malware silently downloaded paid apps and multimedia content from an official Google market in China, racking up charges on the victim's phone bill.
A less common but dangerous kind of malware, rooter malware has the capability to root infected devices, giving an attacker complete control of the Android smartphone or tablet. Trend Micro found that rooter malware made up only 4.4 percent of all Android threat types. Root privileges grant a remote attacker access to files and the device's flash memory. The threat is designed for targeted attacks to remain stealthy and persistent on the device, evading detection by most mobile antivirus applications. One such threat called Gonfu was detected in 2011 and can root a device by installing a malicious package called Legacy. Once infected, the rooting capability renders manual app removal ineffective, according to Trend.