Number of malicious Android apps grows by 2200% year over year

So why the growth? For one part, it is due to Android’s popularity. As market shares have grown and companies like Samsung have moved into the top handset manufacturer spots, Android has become a lucrative target for malware writers. Greed is a powerful motivator and the majority of malware is written to gain money illegally and unethically. The 2200% jump in malicious apps is largely due to attempts by malware writers to modify malware signatures to defeat anti-virus detection coupled with an increase in the number of apps trojanized.

This trojanizing of popular apps is a key strategy for cyber criminals. They take a popular game, say Angry Birds, and then add malware to it. Next, it is disseminated via third party app stores or via direct download links on social networking sites. Unsuspecting victim’s download the app which in turn infects their Android device. In the case of premium rate SMS malware, the next phone bill is unexpectedly large!

Three interesting malware packages found in the last year include:

• FakeToken.A, a Trojan that pretends to be a token generator for mobile banking. The malware works by impersonating a valid token generator but, in fact, only issues random numbers while in the background sending the username and password for the mobile banking to a command and control server.
• Boxer.H, a new variant of the existing Boxer family, which pretends to be Google Play.
• RootSmart.A, downloads an exploit to gain root privileges on the infected device. This in turn allows it to install more applications / malware. It also has a bot component that can receive commands from a remote server. These commands include malicious money making actions like sending premium rate SMS messages, and accessing pay-per-view videos.

As always – be careful what you download and from where you download it!

Are you concerned about Android malware? Are you a victim? What do you think Google should do about it? Let us know by leaving a comment below.