Report: Android Malware Growing Exponentially

F-Secure Labs, a Helsinki, Finland-based security company, reports a staggering increase in the number and sophistication of malware attacks on Android devices, compared to just one year ago.

In its ’Mobile Threat Report, Q1 2012,’ the company credits the popularity of the Android platform as a key magnet for malware authors. In first-quarter 2011, the report discovered 10 new families and variants of malware. A year later, this number jumps to 37 new families and variants discovered in the first quarter of this year, quadrupling last year's figures. Meanwhile, the report claims the number of malicious Android application package files (APKs) has spiked from 139 to 3,063 counts, year-over-year. According to the authors, this sharp escalation is largely caused by malware authors ’Trojanizing’ applications in an effort to circumvent antivirus signature detection, and sometimes Trojanizing bootleg copies of popular applications.

Recent examples include malware that was embedded into bootleg copies of the popular Angry Birds game. In this instance, malware was delivered and the game actually worked, thereby avoiding suspicion and leaving the malware intact.

[Related: PCI Security Standards Council Takes On Credit Card Security Threat ]

id
unit-1659132512259
type
Sponsored post

’These are called wrappers,’ explained George Usi, president of Sacramento Technology Group, a northern California-based channel partner, to CRN. "The malware authors embed their code into popular applications and start capturing passwords and messages across the mobile devices. We haven’t seen people start taking control of the target’s accounts, but that’s probably the next step. When we see them start scraping keystrokes off the systems, they can gain all kinds of access.’

The report also says that malware authors are demonstrating an increased talent for evading detection, as well as for finding new ways to infect targeted devices. Some malware families, such as DroidKungFu, GinMaster and FakeInst, have even begun using encryption and randomization. Other tactics involve hiding data within an image file, as is the case with FakeRegSMS.

’RootSmartA, for instance, downloads a root exploit to gain elevated privileges on the infected device, which allows it to install more applications onto the device. It also has a bot component that can receive commands from a server to perform malicious routine such as making unauthorized call, sending premium rate SMS messages, and accessing pay-per-view videos,’ according to the report.

’The Trojans are definitely attacking the Droids,’ added Usi. ’Much of the response is to make sure that the device cannot access corporate assets unless the VPN is connected. And because it’s a signature update system, it can fend off the malware a little better than your standard malware app. The attacks are becoming more aggressive.’

NEXT: Android Malware Sets Sights On Root Exploits And SMS Bugs

The Mobile Threat Report points to evidence suggesting that Android malware ’are focusing on utilizing the native component, and only downloading a root exploit when needed.’ It goes on to say that the root exploit is often deleted by the malware itself, in an effort to cover its tracks.

The majority of the attacks, according to the report, are SMS bugs that send messages to premium numbers, thereby racking up fees. Most of these exploits are found on third-party sites, but a few have reportedly found their way into the mainstream Android market.

The exposures not only pose risks to the garden variety of Android user but also require a fresh look at how compliance requirements are executed in targeted vertical markets.

’People are going to have to look at their compliance issues, whether it be Sarbanes-Oxley, PCI, HIPAA, or anything else, and then recognize and address the security exposures that stem from mobile devices,’ added Sacramento Technology Group’s Usi. ’If you miss the mobile devices, you’re as good as dead. The safest thing you can do at the moment is to make sure you’re using VPNs and multi-factor authentication.’