Monday, May 29, 2017
Home / Malware / Android under attack – Widespread malware

Android under attack – Widespread malware

The amount of mobile malware targeting the Android community has boomed over the last four months, according to security firm Kaspersky.

Kaspersky researchers reported detecting 100,000 mobile malware variants during the second quarter of 2013, in its latest IT Threat Evolution report.

“Virtually all mobile samples that were discovered in the mobile realm were targeting Android in Q2 – just like in the first quarter of the year. One remarkable milestone was reached right at the end of the quarter – on 30 June the 100,000 modifications barrier (consisting of 629 malware families) was broken,” read the report.

The report said 29,695 of the attacks were entirely new, marking a quickening in pace by hackers, who are believed to have created 22,750 new Android malware variants in the previous quarter. The paper said the figure is particularly troubling as each of the malware variants is being carried on a number of Trojan apps.

“We’re not counting individual malicious apps, but malicious code samples. These code samples, however, are mostly used in multiple Trojanised apps, resulting in a significantly higher number of malicious apps waiting to be downloaded,” read the report.

“The common procedure for cyber criminals is to download legitimate apps, adding malicious code and using them as a vehicle for distribution. The repackaged apps are then uploaded again, especially to third-party app stores. Popular apps are targeted to abuse their reputation, since users are actively searching for them and this therefore makes life easier for cybercriminals.”

The researchers highlighted the discovery of a new Obad Trojan as being particularly troubling, confirming it has several new features.

“Those who created [Obad] took advantage of yet another previously unknown flaw in Android OS, which enables a malicious program to gain extended Device Administrator privileges without being listed among the applications having such privileges,” they noted.

“This makes it impossible to remove the malware from the mobile device. Overall, the malicious program exploits three previously unpublished vulnerabilities. We have never encountered anything like it before in mobile malware.”

The paper listed the Trojan as being particularly dangerous as it grants criminals a variety of powers over the infected device. “It can send SMS messages to premium numbers, download and install other malware on the infected device and/or send it via Bluetooth, as well as remotely perform commands from the console,” read the report.

The growth in mobile malware comes during a wider boom in global cybercrime levels, with Kaspersky claiming to have neutralised 983,051,408 incidents during Q2 2013.

Mobile malware has been a growing concern within the security community, with vendors reporting new sophisticated attacks and vulnerabilities on a near daily basis. Most recently Symantec reported finding a flaw in Google Android’s cryptographic protocols leaving as many as 360,000 applications open to attack.

Cross-posted from www.v3.co.uk

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …