You might be asking yourself if you read the headline of this post correctly. A 2200% growth in the number of malicious Android apps: can that be right? Unfortunately, it is. According to the Mobile Threat Report Q1 2012 (PDF) released by security company F-Secure, the number of malicious Android application package files (APKs) they received in the first three months of the year grew from 139 in 2011 to 3063 for the same period in 2012. Similarly, in 2011 security researchers discovered 10 new families of Android malware. Move forward twelve months, and that number has grown nearly four-fold, with 37 new families and variants discovered in Q1 2012.
So why the growth? In part, it is due to Android’s popularity. As market shares have grown and companies like Samsung have moved into the top handset manufacturer spots, Android has become a lucrative target for malware writers. Greed is a powerful motivator, and the majority of malware is written to gain money illegally and unethically. The 2200% jump in malicious apps is largely due to attempts by malware writers to modify malware signatures to defeat anti-virus detection, coupled with an increase in the number of trojanized apps.
This trojanizing of popular apps is a key strategy for cyber criminals. They take a popular game, say Angry Birds, and add malware to it. The modified app is then disseminated via third-party app stores or via direct download links on social networking sites. Unsuspecting victims download the app, which in turn infects their Android device. In the case of premium rate SMS malware, the next phone bill is unexpectedly large!
Three interesting malware packages found in the last year include:
- FakeToken.A, a Trojan that pretends to be a token generator for mobile banking. The malware impersonates a valid token generator but in fact only issues random numbers, while in the background it sends the mobile banking username and password to a command and control server.
- Boxer.H, a new variant of the existing Boxer family, which pretends to be Google Play.
- RootSmart.A, which downloads an exploit to gain root privileges on the infected device. This in turn allows it to install more applications or malware. It also has a bot component that can receive commands from a remote server. These commands include malicious money-making actions like sending premium rate SMS messages and accessing pay-per-view videos.
As always – be careful what you download and from where you download it!
Are you concerned about Android malware? Are you a victim? What do you think Google should do about it? Let us know by leaving a comment below.