Android threats growing in number and complexity, report says
The Android threat landscape is starting to resemble that of Windows, F-Secure researchers say
IDG News Service - The Android threat landscape is growing in both size and complexity with cybercriminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.
The number of mobile threats has increased by nearly 50 percent during the first three months of 2013, from 100 to 149 families and variants, F-Secure said in its Mobile Threat Report for Q1 2013 that was released on Tuesday. Over 91 percent of those threats target the Android platform and the rest target Symbian.
"While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend," the F-Secure researchers said in the report. "The Android malware ecosystem is beginning to resemble that which surrounds Windows, where highly specialized suppliers provide commoditized malware services."
One example of this is an Android Trojan program dubbed Stels that was distributed through fake Internal Revenue Service emails sent by the Cutwail spam botnet during the first quarter of 2013.
Those spam emails contained links that directed recipients to a website asking them to download and update their Flash Player software. This "fake update" social engineering technique has been used in the past to distribute Windows or Mac malware.
"By installing the so-called 'Flash Player,' the victim unknowingly grants the trojan the permission to make phone calls," the F-Secure researchers said. "Stels will capitalize on this permission to reap profit by placing long-lined (a.k.a. short-stopped) calls while the device owner is asleep."
Traditionally, Android malware writers have tricked mobile users into installing malicious applications on their devices by passing them off as legitimate apps on Google Play or third-party app stores. According to the F-Secure researchers, the new email-based distribution method now extends the risk of malware infection to Android users who are not actively searching for new apps, but are regularly checking email from their phones and tablets.
However, not only financially motivated cybercriminals have started using email to distribute Android malware -- hacker groups behind targeted attacks do it too.
Back in April, security researchers from antivirus vendor Kaspersky Lab uncovered an email attack targeting Uyghur activists that distributed an Android Trojan program as an attachment. The attackers expected that some of their targets would check their email from their Android phones and designed the malware to steal contact details, call logs, text messages and other information from the infected devices.
An Android Trojan program called Perkele that's designed to be used in conjunction with Windows online banking malware like Zeus to bypass SMS-based two-factor authentication schemes, is another example of an Android malware being offered as a service on the underground market.
Android Trojan apps like Perkele have been used as part of online banking fraud attacks in the past, but they have been generally available only to more sophisticated cybercriminal gangs. However, the creator of Perkele started selling his creation to smaller and less resourceful fraudsters for affordable prices.
"This signals the shift to malware as a service -- Zeus-in-the-mobile (Zitmo) for the masses," the F-Secure researchers said in the report. "Now anybody running a Zeus botnet can find affordable options for Zitmo."
"In a way, Android is experiencing the same fate as Windows where its huge market share works in both good and bad ways," the F-Secure researchers said. "Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform and they are drawing inspiration from Windows malware's approaches, which is why we are now seeing trends such as commoditization of malware services, targeted attacks and 419 scams popping up in the mobile threat scene."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts