F-Secure Labs, a Helsinki, Finland-based security company, reports a staggering increase in the number and sophistication of malware attacks on Android devices, compared to just one year ago.
In its “Mobile Threat Report, Q1 2012,” the company credits the popularity of the Android platform as a key magnet for malware authors. In first-quarter 2011, the company discovered 10 new families and variants of malware. A year later, that number jumped to 37 new families and variants discovered in the first quarter of this year, quadrupling last year's figures. Meanwhile, the report claims the number of malicious Android application package files (APKs) has spiked from 139 to 3,063, year-over-year. According to the authors, this sharp escalation is largely caused by malware authors “Trojanizing” applications in an effort to circumvent antivirus signature detection, and sometimes Trojanizing bootleg copies of popular applications.
Recent examples include malware that was embedded into bootleg copies of the popular Angry Birds game. In this instance, malware was delivered and the game actually worked, thereby avoiding suspicion and leaving the malware intact.
“These are called wrappers,” explained George Usi, president of Sacramento Technology Group, a northern California-based channel partner, to CRN. “The malware authors embed their code into popular applications and start capturing passwords and messages across the mobile devices. We haven’t seen people start taking control of the target’s accounts, but that’s probably the next step. When we see them start scraping keystrokes off the systems, they can gain all kinds of access.”
The report also says that malware authors are demonstrating an increased talent for evading detection, as well as for finding new ways to infect targeted devices. Some malware families, such as DroidKungFu, GinMaster and FakeInst, have even begun using encryption and randomization. Other tactics involve hiding data within an image file, as is the case with FakeRegSMS.
“RootSmartA, for instance, downloads a root exploit to gain elevated privileges on the infected device, which allows it to install more applications onto the device. It also has a bot component that can receive commands from a server to perform malicious routines such as making unauthorized calls, sending premium rate SMS messages, and accessing pay-per-view videos,” according to the report.
“The Trojans are definitely attacking the Droids,” added Usi. “Much of the response is to make sure that the device cannot access corporate assets unless the VPN is connected. And because it’s a signature update system, it can fend off the malware a little better than your standard malware app. The attacks are becoming more aggressive.”