Droid Danger: Top 10 Android Malware Families
5:12 PM EST Thu. Aug. 08, 2013
Mobile malware has been skyrocketing, according to security vendors monitoring the threat landscape. Trend Micro's latest quarterly threat report, "Mobile Threats Go Full Throttle," outlines some of the most dangerous threats, such as SMS Trojans and spyware. The threats are riskiest for Android device owners in Eastern Europe, Asia and Latin America, according to the threat statistics provided by the security vendor. Many of the malicious applications spoof legitimate mobile apps and are downloaded from third-party application stores. Trend Micro also highlighted some of the latest threats, such as the Master Key Vulnerability, a security flaw in Android that could be used to weaponize a legitimate application by bypassing a verification check in the Google Play store.
Here's a look at the top 10 Android malware threats, according to Trend Micro.
The Basebridge malware family acts as spyware, stealing sensitive data from the device owner and sending it to a remote location. The malware, which constituted 2 percent of the total Android malware threats, landing it in the No. 10 spot on Trend Micro's top Android malware family list, has been detected in Asia and is embedded in copies of popular mobile apps that can be downloaded from a third-party application store. Basebridge was designed to sniff the victim's SMS messages and send out text messages to premium-rate numbers. It also has functionality that can block data consumption monitoring by cellular service providers.
Tying with Basebridge malware at 2 percent, the JIFake malware family masquerades as a mobile app for JIMM, an open-source instant messaging client for the ICQ network. The fake mobile app has an embedded SMS Trojan functionality to send text messages to premium-rate phone numbers, Trend Micro said. The fake mobile app has been detected in Eastern Europe and Russia. The malicious application can also monitor incoming SMS messages and collect device information and location data.
Landing in the No. 8 spot at 3 percent, the KungFu malware family is found embedded in applications and attempts to gain root access to the victim's device, according to Trend Micro. It was detected in 2011. Security researchers said the malware appears to have backdoor functionality that enables an attacker to install a malicious Android package, run programs or navigate to a specific website. It steals data about the device as well as all information stored in its memory.
FakeDolphin, which according to Trend Micro tied with KungFu at 3 percent, is a family of Android malware that poses as a Dolphin browser, an alternative browser to Google Chrome on the Android platform. FakeDolphin contains an SMS Trojan that attempts to sign up users for premium services without their consent, Trend Micro said. Victims can be lured to download FakeDolphin through an attack website or if they browse a poorly managed third-party application repository.
The VDLoader malware family, which also constituted 3 percent of the Android malware threats Trend Micro found, is embedded into mobile apps and was the first malware to contain an auto-update feature. Detected mainly in Asia, this is one of a variety of different SMS Trojan families. VDLoader hides in the background of a mobile application. It contacts a remote server and then begins flooding the victim's phone with text messages, urging the user to load additional applications onto the device, Trend Micro said. It also collects data about the apps already installed on the device.
Called GinMaster or GingerMaster, this Android family was first detected by researchers in 2011 at North Carolina University. Comprising 6 percent of total Android malware threats and landing in the No. 5 spot on Trend Micro's list, the malware family is repackaged into legitimate apps, including those displaying racy images of women. The Trojan initially contained dangerous rootkit capabilities, installing its root shell into the system partition for later use, according to the initial research. Variants of the malware are designed to silently collect the device ID, phone number and other data on the victim, Trend Micro said.
Another SMS Trojan, designed to rack up charges by texting premium-rate numbers, the Boxer family of malware was once masquerading as a Flash alternative for Android devices, according to Trend Micro. The apps that spread the threat sometimes pose as freely available versions of legitimate mobile applications. In addition to Europe and Asia, the Boxer family, which also constituted 6 percent of Android malware threats, showed up in Brazil and other countries in Latin America, the security firm said.
Coming in at No. 3, the SNDApps malware family, which made up 12 percent of the total Android malware threats Trend Micro found, dates back to 2011 and was originally found in a group of apps in the official Google Play store. The apps contain spyware that uploads personal information, such as email addresses, phone numbers and other details, to a remote server without the user's permission. The simple apps that spread the spyware included an air horn, which sounded when an icon was touched, and a whoopee cushion. Google took action to block the apps from its official repository, but they are still available on third-party app stores.
Constituting 14 percent of Android malware threats Trend Micro found, OpFake is a family of malware that masquerades as a downloader for the Opera browser, an alternative to Google's Chrome browser on Android devices. The malware authors behind the Trojan family monetize it by silently sending premium-rate text messages. The threat was detected last year and started targeting Android devices, but the OpFake cybercriminal gang turned their sights on Symbian phones and jail-broken iPhones. The attack continues to spread through a variety of methods, including a fake Android market and a phony pop-up message on some websites that tricks victims into believing their browser is out of date.
FakeInst, comprising 22 percent of the total Android malware threats, is the most common malware family, according to Trend Micro and a variety of other security vendors. It sends premium-rate SMS messages and was found in dozens of apps on third-party Android markets. The threat spreads in apps that masquerade as popular games. The majority of the detections have been in Eastern Europe, Russia and Asia, Trend Micro said.