Android malware grew by 1410% in first half of 2011

Trend Micro warns about the spread of more sophisticated Android malware
Kerry Butters

October 10, 2011
Android Logo

Android malware is becoming increasingly prevalent and sophisticated, according to new reports by Trend Micro.

The security firm says that “newer and more complicated Android malware variants are expected to emerge, along with the rising number of malicious [...] apps.”

Recent research showed that 3.5 new threats to the platform are created every second and the growth of discovered malware rose by 1410% in the first half of this year.

Threats vary from malicious downloaders to data stealing malware and also include premium services and advertising fraud.

Trend says that malware targeting Android continues to improve in terms of performance, and it’s getting better at “using new techniques to thwart analysis and to avoid detection.”

One recent discovery comes in the form of an e-book reader which can be downloaded from a third-party app store.

The app asks the user to allow a fairly ridiculous set of conditions in order to be installed, including the ability of the app to read, edit and receive SMS and MMS.

It also requests that it be given permission to read and write contact data, have full internet access, read the phone identity, modify the contents of the SD card and directly call phone numbers and send messages.

Analysis of the app showed that it connected to two servers in order to receive commands and deliver payloads.

The second server was for an encrypted blog site, which caught the attention of researchers as it’s the first time they have seen Android malware which has “implemented this kind of technique to communicate.”

Further analysis showed that the content contained six encrypted posts which contained back-up control and command server URLs.

Further binaries had been added between July and September which were named _test, suggesting to researchers that the malware is still under development.

Once the posts in the blog had been decrypted, it was found that the files were just different variants of the same file.

The differences found revealed that newer versions of the malware “had the capability to display notifications that attempt to trick users into approving the download of an update.”

Later versions also showed the capability to kill four security products.

Whilst Trend says that the use of blogs relating to malware activity is nothing new, this is the first time it has been found in Android malware, which is “another sign of continued development and proliferation.”

To protect against security threats on an Android device, users should only download from trusted sources and ensure they have security software installed.

It is also wise to ensure auto-connect to Wi-Fi is turned off and to use the security features that come with the phone such as a security pin.






 

Comments in chronological order (2 comments)

  1. Jason Alexander says:

    I switched from my Android EVO on Sprint to an iPhone on Verizon. I have never looked back. My EVO was a revelation when I got it, but I didn’t realize that the iPhone was such a smooth and bug free platform.

    Also, downloading apps from the app store is a completely stress free experience. I don’t have to give a second thought to whether or not the the new app I just found is “from a trusted source” as this article suggests is needed. In the Android Marketplace, I always had to keep in the back of my head that a new app could be malware.

  2. Kerry Butters says:

    I too love the iOS platform for security - the “trusted source” suggestion is aimed at users of the android platform only in the article, it’s not necessary on iPhone as all apps have to be approved in order to make it into the App Store.

    Whilst Android is good in that it allows devs to use its open source nature to create great apps, the downside to it is the ever-increasing security risks that it poses to users.

Post a comment

Your email address will not be published. Required fields are marked *

Visited 2004 times, 3 so far today