There’s been a marked increase in for-profit mobile malware in the last few months. Here’s what you should know about eight threats targeting the Android OS.
The Android mobile operating system and the BYOD (bring your own device) trend – a marriage made in heaven? For app-hungry users probably, but the combination could be a malevolent mix for some workplace IT administrators.
There’s been a marked increase in for-profit mobile malware over the last few months, according to a report recently released by security firm McAfee Inc. The report, titled McAfee Threat Report: Second Quarter 2011, also said that during this period the Android mobile operating system shot up to become the number one most-targeted mobile platform, from number three during the first three months of the year.
“This increase in threats to such a popular platform should make us evaluate our behaviour on mobile devices and the security industry’s preparedness to combat this growth,” the McAfee report said.
IT security managers and administrators should take note of the developments because the growing BYOD trend of using personal devices in the workplace renders many businesses vulnerable to mobile threats, according to Doug Cooke, director of sales engineering at McAfee Canada.
“Because of the operating system’s flexibility and open architecture a lot of users are moving to Android phones. Naturally a lot of users also want to be able to use their new and powerful smartphones in the workplace,” he said.
Unfortunately, the Android OS is currently the leading target of mobile malware developers, according to McAfee. The company’s most recent report said the top five targets for the second quarter of 2011 are:
- Java Micro Edition (ME)
Apple’s iOS has remained relatively safe because it has a much tighter application approval and publishing process compared to Android and more data protection options.
Android malware came under the spotlight in March when Google yanked more than 50 apps infected with the DroidDream malware from the Android Marketplace.
As with desktop and browser-based malware, hackers using mobile OSes are targeting big businesses, but these cyber criminals also have SMBs in their sights, said Cooke. “They know that many SMBs maintain profitable client databases and even intellectual property (IP) data. And very often this information passes through or is stored in smartphones.”
Mobile malware targeting Android smartphone users has more than doubled in the last six months, according to Lookout Security Inc., a firm that develops anti-malware software for the Android OS.
In June, between one per cent and five per cent of Android users were infected by one form of mobile malware or another, said Kevin Mahaffey, co-founder and CTO of the San Francisco-based company. “In January we saw only 80 unique pieces of Android malware, but by the end of June we tracked over 400,” Mahaffey said.
He said hackers typically use the “rogue app model” where attackers pirate a legitimate program, add malicious code to it and then re-release the app which has now been turned into malware.
Cooke of McAfee said much of the mobile malware the company has investigated involves apps that grab control of a mobile device and make the phone send out calls or SMS messages that are billed to the user’s account. “Users eventually learn they have been victimized when they receive the monthly phone bill.”
The McAfee report said some of the latest Android threats in the open include:
Jmsonez.A – A version of a calendar app that doesn’t quite work as intended. When the program is launched it displays the calendar for January 2011. If the user tries to change the month, the malware begins sending SMS messages to a premium-rate number.
DroidKungFu – This malware is similar to the DroidDream malware which steals information from a host device. It also uses a pair of root exploits to maintain itself on the devices. Like DroidDream, this variant can load URLs and install malicious software and updates secretly.
Smsmecap.A – This is a modified version of a legitimate comedy app. The malware sends humorous and irreverent SMS messages to all the contacts in the user’s address book.
DroidDreamLite – This is a less capable version of the DroidDream malware family. It does not include any root exploits to remain installed on an infected device.
Tcent.A – A Trojan that also sends SMS messages to a premium-rate number. But this one has a self-protecting feature. The malware targets the QQ instant-messaging service that is popular in China. The malware attempts to uninstall anti-virus and other security software that is bundled with mobile QQ clients.
Crisewin.A – This is a premium-rate sending Trojan that has some botnet functions including executing orders from the attackers’ command server. The attacker can send SMS messages from an infected device which is useful for signing up a user to a premium-rate subscription service and uninstalling security software. One drawback of the malware is that it was designed for the Symbian OS and does not run properly on Android devices.
J.SMSHider.A – The author of this malware modified a legitimate SMS love analyzer to add backdoor functionality that enables unauthorized premium-rate service subscription and the ability to delete incoming SMS messages. The malware also uses encryption to cover the compromised smartphone’s communication with the attacker.
Toplank.A – This malware pretends to be a multi-user update for the popular game Angry Birds. In reality the malware is sending sensitive information such as the international mobile subscriber identity, the list of app permissions granted and other information to the attacker’s server. The app also downloads additional Android apps to the device. These new apps provide the backdoor for the attacker, who can then add and delete bookmarks, browser history and shortcuts and download other software in the future.
(With reports from Greg Keizer)