Android malware steals location data from mobile devices
CSO - BitDefender Labs has discovered Android malware that regularly broadcasts the location of the infected mobile device to a remote server.
What the malware creators intend to do with the privacy-invading information is not clear. The app operates in the background and appears on the smartphone or tablet as an icon with the word "store" written on it.
The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device's Wi-Fi connection and scan for antivirusailable access points. All the data is transmitted to the remote server via the device's Internet connection.
[More on the subject: Security managers split on BYOD, skeptical of Android devices]
"Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them," BitDefender said in a blog post on Tuesday.
The lightweight spyware has no user interface and transmits location information every couple of seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps.
Whether it's spyware or another type of malicious app, the number of mobile malware is soaring. The rate of growth last year was 155 percent over 2010, according to Juniper Networks. During the first quarter of this year, the year-to-year increase was 30 percent, with spyware alone doubling. Most mobile malware is targeted at Android, the leading smartphone operating system.
While the increase in mobile malware is troubling, the actual number of infected smartphones and tablets remains relatively few when compared with PC infections. "While we probably haven't seen a widespread, malware epidemic in terms of the Android platform, there have been some that haven't been detected," Christian Kane, analyst for Forrester Research, said.
As a result, companies are looking for technology to manage applications and corporate data on employees' devices. The mobile security market was $674.8 million worldwide last year and is projected to top $1 billion this year, according to IDC. By 2015, the market is expected to reach $1.85 billion, a compound annual growth rate of more than 35 percent.
Symantec, hoping to grab a slice of the pie, announced on Tuesday its first enterprise-grade antivirus software for Android devices. Called Mobile Security for Android, the antivirus software checks suspicious apps against Symantec's blacklist of known malware. When a bad app is discovered, the software can be set to notify the device user and a corporate security team through a mobile device management console.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Getting Real About Management and "Big Data" It's an exciting yet daunting time to be a security professional. Security threats are becoming more aggressive and voracious. Governments and industry bodies...
- The Big Data Security Analytics Era Is Here Security management must be based upon continuous monitoring and data analysis for situational awareness and data-driven security decisions. Organizations have entered the era...
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- Business-driven Data Protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the Arcserve team will...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or... All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!