It Could Still Happen To You: 2011's Top Android Malware Threats
The Most Serious Android Malware
In 2011, the vast majority of mobile malware was spyware and Trojans, according to Juniper Networks' most recent Mobile Threats Report. The malicious code is either applications themselves or functionality hidden within other applications. As a result, gauging the impact of mobile malware is largely analyzing, tracking and quantifying mobile applications. Juniper analyzed almost 794,000 applications taken from app stores, malicious Web sites, hacker repositories and other sources in compiling this report. While Nokia Symbian and Java ME devices used to be the favored target of hackers, last year marked a substantial shift toward Android devices.
The following are some of the most serious Android malware threats identified by Juniper.
Geinimi: Sign Of Complexity To Come
Geinimi was the first Android malware to leverage botnet-like capabilities. It also was the first example of legitimate applications repackaged as malware. Primarily hidden in games, the malware was released in third-party application stores in Asia.
Droid Dream: Real Nightmare
Droid Dream was embedded in legitimate applications in the official Android Market. More than 50,000 users downloaded an infected application. The malware exploited a vulnerability in the Android operating system to gain root account privileges and secretly install additional malicious code on the device.
ADRD Directs Traffic
ADRD commanded infected Android devices to send HTTP search requests to specific addresses. As a result, the malware increased rankings for the targeted Web sites, which resulted in additional advertising revenue.
Droid Kungfu Kicks In
Droid Kungfu leveraged two separate exploits to gain root access to Android devices. Because the malware comprised encrypted payloads, it could go undetected by malware scanning engines. Droid Kungfu was designed to give the attacker control over the device.
Droid Kungfu Strikes Again And Again
The first Droid Kungfu gave way to Droid Kungfu 2 and 3, which muddied communications and contained perplexing code to disguise the malware and prevent detection by security experts. The tricks also made it difficult to stop infections. Like their predecessor, Droid Kungfu 2 and 3 were meant to give the attacker control over Android devices.
Fake Installers Sought Real Money
Between October and December, Juniper found an 872 percent increase in the number of fake installers. The malware tricks Android users into paying via premium text messages for otherwise free or pirated versions of applications. The apps were hosted in third-party application stores.
Droid Deluxe Aimed At User Accounts
Droid Deluxe gained root access to infected devices. The malware stole e-mail credentials, social network account information and banking login information. Droid Deluxe's mischief stemmed from leveraging the Android operating system's root permissions, thereby avoiding security controls.
