Criminals are modifying the tools and techniques that have served them well for breaking into Windows PCs, so they can one day have as much success with Android smartphones.
In its latest Threat Evolution report, Kaspersky Lab has spotted trends that show crooks do not intend to waste a couple of decades of experience wresting profits from hapless PC users. Researchers are finding that the evolving capabilities of Android malware are mimicking those found in malicious code used on Windows for years.
Like Windows, Android is getting all the attention because it dominates its market. In the second quarter of this year, Android was in nearly 80 percent of the smartphones shipped, according to Gartner. Security vendors say more than 90 percent of the mobile malware found in the wild is looking to infect Android phones.
Windows-like malware on Android
Essentially, when it comes to having a bullseye on its back, Android is the "mobile world's equivalent to Windows," Kaspersky says.
The similarities become more troublesome when you look at how popular tools and techniques for Windows are being changed to fit the new mobile era.
Kaspersky senior researcher Roel Schouwenberg has spotted a couple of web sites with a modified version of the notorious Blackhole exploit kit. Rather than serve only Windows malware to visiting PCs, the kit also checks whether the guest is an Android device.
"It looks like some (Blackhole) versions out there have some form of Android support," Schouwenberg told me.
At the same time, the malware itself is changing. Most Android infections today are with Trojans that send text messages through the phone's SMS service to premium rate numbers. However, the tally of backdoor Trojans collected in the wild has surpassed SMS Trojans, which is a troubling trend, Kaspersky says.
The reason is that backdoors are essentially tunnels that the malware creates in a computer to communicate with a command and control server. From the mother ship, the malware gets instructions and can download more malicious code.
In finding more backdoors in Android malware, Kaspersky believes the bad guys are planning more sophisticated attacks.
Other techniques borrowed from the Windows world were found in the Trojan called Backdoor.AndroidOS.Obad.a discovered by Kaspersky in June. The most sophisticated Android malware to date, it was capable of opening a backdoor, stealing information about the phone and its apps, sending SMS messages to premium numbers and spreading malware via Bluetooth.
In addition, it reached new heights in the use of encryption and code obfuscation to prevent researchers from analyzing it. Overall, Obad acted more like a Windows Trojan than the typical Android malware.
In June, researchers discovered an Android version of ransomware, another form of Windows malware. This nefarious fake anti-virus program pretends to find malicious code and offers to remove it if the victim buys a license for the full version of the app. In some cases, such malware locks up the phone until the money is paid.
Low infection rates
All of this may have you thinking it's time to toss the Android smartphone you know and love. Well, don't. The fact is infection rates on Android devices are very low.
While criminals are building better malware, they have not perfected the distribution channels. Today, most Android malware is found hidden in apps sold or given away for free on online stores other than the official Google Play store, which scans for malicious code.
These third-party operations are mostly used in Asia and Russia, where infection rates are much higher than in the U.S. If you stick with Google, your chances of picking up malware are pretty slim.
Nevertheless, with developers experimenting with exploit kits and mobile ad networks to spread their wares, infection rates could rise.
All this innovation in the criminal underground points to a new generation of developers who know the PC era is over, and profits will eventually shift to smartphones and tablets. But rather than reinvent the wheel, these younger creators are smart enough to steal from the best technology of the previous generation.