An Android botnet is believed to have infected up to a million devices, and security researchers say the cybercriminals behind the malware are using more sophisticated techniques.
The MDK botnet has been spreading among Android device owners throughout China. According to Kingsoft Security, it is believed to spread through the MDK Trojan, which has been embedded in more than 7,000 apps found on third-party Android stores. The Android threat has grown enough for China Mobile, one of the country's largest telecommunications providers, to issue a warning about the problem.
Symantec said a new variant of the MDK Trojan is growing in sophistication, using Advanced Encryption Standard (AES) algorithms to encrypt data. Using encryption helps the Trojan remain stealthy and makes it difficult for security researchers to conduct malware analysis and trace the threat back to command-and-control servers and, ultimately, the botmaster.
"Once installed, the Trojan enables the attacker to remotely control users' devices, consequently allowing the attacker to harvest user data, download additional APKs, and generate nuisance adware," wrote Flora Liu, a Symantec security response manager, on the company's security blog. "The Trojan has been repackaged into legitimate apps, including popular games such as 'Temple Run' and 'Fishing Joy,' to lull users into installing the malware."
The Trojan also uses dynamic loading, data encryption and code obfuscation to evade detection, Liu said.
While the threat is limited to China, security experts urge Android smartphone owners to download apps only from well-known and trusted app vendors. Symantec said that downloading Android Application Package (.APK) files from sites other than Google Play can be dangerous.
Android malware grew to 350,000 in 2012, according to a threat report issued this week by Trend Micro. The company said SMS Trojans, designed to accumulate premium rate charges, accounted for a large amount of the malware. Android apps embedded with aggressive ads are designed to collect as much personal data as possible.
"Much of this growth was driven by adware and premium service abusers, which accounted for a sizable majority of the seen growth," the firm said. "This threat grew and became more sophisticated throughout the entire year, and we expect that this will continue into 2013."
PUBLISHED JAN. 24, 2013