Lions, Tigers, and <strike>Bears</strike> a Year of Android Malware! Oh My!

Share with your network!
A recently posted twelve month timeline traces the emergence and exponential growth of malware targeting the Android mobile platform.  The variety and rising sophistication of malware provided a number of “firsts” for the Android platform:
  • Trojans capable of generating Premium Rate SMS messages to expensive short code services.
  • Spy applications that track a user’s location, SMS history, Wi-Fi information, and voice call information.
  • Payback malware that targets Android users who download pirated software.
  • Trojans that attempt known root exploits in order to install additional software without the user’s knowledge.
  • Mobile botnet controlled via SMS or web-based C&C systems.
  • Apps capable of perpetrating fraud by allowing intercept and forward two factor mTAN validation SMS messages used by online banking sites and confirmation systems other types of services.
Many of malicious applications were repackaged versions of popular legitimate applications.  Repackaging of applications is made possible by the ease at which many Android apps can be extracted to readable Java code that can then be easily modified, repackaged, signed by an unauthenticated certificate, and uploaded to the official Android Marketplace or unofficial third party marketplace repositories.  This problem is confounded by the fact that neither the official Android Marketplace nor the third party app marketplaces employ rigorous review of app quality, legitimacy, or intent prior to posting.  While the overall amount of malware discovered on the official Android Marketplace was smaller overall than the amount found in third party app stores, Google still had to clean up multiple malicious apps via their remote app kill functionality, from their own marketplace, as well as release a tool that would attempt to clean up previous infections.  Unfortunately, this Android Market Security Tool was also subject to repackaging and re-release by malware writers, this time packing a variant of the DroidDream Trojan. How can I reduce the chances of inadvertently installing malware on my Android phone?
  • Stick to downloading applications from the main Google Marketplace - Chances are that malicious apps reported to Google will be removed quickly.
  • Don’t download pirated or knock-off applications - As we’ve seen over the past year, this is a likely infection vector on Android due to the ease with which malware authors can repackage an app with additional “functionality”.
  • Install an anti-virus application - Your chosen application must be able to scan apps upon installation, can scan preinstalled apps for known malware signatures, scan the contents of any removable memory card, and scan stored media or data on your phone.
  • Pay close attention to the list of permissions that a new application is requesting - Does it make sense for a calculator application to read incoming SMS messages, originate SMS messages, and connect to the Internet?  If the requested permissions don’t match up with your expectations for the app’s functionality, don’t allow it to install.
  • Ensure you are running the latest version of the Android OS - To minimize your handsets risk to possible exploits, keep your handset upgraded to the latest Android version available.