Cybercriminals are increasing their focus on Android-based smartphones, given the relative openness of the Android platform, especially when combined with effective social engineering tactics. That's according to security vendor AVG, which recently released its Threat Report for the second quarter of 2012.
The Android platform represents approximately 59 percent of the global market and has been heavily targeted by malware authors, particularly from China and neighboring markets, according to the report.
The second quarter of this year witnessed the introduction of the first Android bootkit, "DKFbootkit," which masquerades as a fake version of a legitimate application and damages the smartphone’s Linux kernel code by replacing it with malicious code. The key, according to AVG, is to trick users into approving the installation of the malware, thereby enabling it to adjust the boot sequence and fully engage when the device is turned on. Such an attack converts the device into a zombie that is fully under the cybercriminal’s control.
"Hackers are getting much better with social engineering methods," explained Larry Bridwell, global security strategist at AVG. "And also, we're seeing the use of third-party app stores as a venue for spreading malware, particularly in the Asian markets. We are also seeing mobile exploits beginning to grow, especially on the Android because it tends to be more open."
For example, a Microsoft "Patch Tuesday" security bulletin closed the temporary window for a Trojan horse email attack, aimed at China, Japan, South Korea, Taiwan and the United States, that sought to send political messages regarding conditions in Tibet. The email attachment also contains an embedded encrypted executable file that collects sensitive user information and is able to download additional malware.
"Some of this stuff comes packaged in very legitimate looking programs," added Bridwell. "Users should check to see whether it has a root access or super-user access, or access to your contacts, and decide whether the requested rights are warranted. And, always update your programs such as Adobe Reader and Adobe Acrobat because those seem to get hit even more frequently than the operating systems nowadays."