Android threats growing in number and complexity, report says

The Android threat landscape is starting to resemble that of Windows, F-Secure researchers say

The Android threat landscape is growing in both size and complexity with cybercriminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.

The number of mobile threats has increased by nearly 50 percent during the first three months of 2013, from 100 to 149 families and variants, F-Secure said in its Mobile Threat Report for Q1 2013 that was released on Tuesday. Over 91 percent of those threats target the Android platform and the rest target Symbian.

"While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend," the F-Secure researchers said in the report. "The Android malware ecosystem is beginning to resemble that which surrounds Windows, where highly specialized suppliers provide commoditized malware services."

One example of this is an Android Trojan program dubbed Stels that was distributed through fake Internal Revenue Service emails sent by the Cutwail spam botnet during the first quarter of 2013.

Those spam emails contained links that directed recipients to a website asking them to download and update their Flash Player software. This "fake update" social engineering technique has been used in the past to distribute Windows or Mac malware.

"By installing the so-called 'Flash Player,' the victim unknowingly grants the trojan the permission to make phone calls," the F-Secure researchers said. "Stels will capitalize on this permission to reap profit by placing long-lined (a.k.a. short-stopped) calls while the device owner is asleep."

Traditionally, Android malware writers have tricked mobile users into installing malicious applications on their devices by passing them off as legitimate apps on Google Play or third-party app stores. According to the F-Secure researchers, the new email-based distribution method now extends the risk of malware infection to Android users who are not actively searching for new apps, but are regularly checking email from their phones and tablets.

However, not only financially motivated cybercriminals have started using email to distribute Android malware -- hacker groups behind targeted attacks do it too.

Back in April, security researchers from antivirus vendor Kaspersky Lab uncovered an email attack targeting Uyghur activists that distributed an Android Trojan program as an attachment. The attackers expected that some of their targets would check their email from their Android phones and designed the malware to steal contact details, call logs, text messages and other information from the infected devices.

An Android Trojan program called Perkele that's designed to be used in conjunction with Windows online banking malware like Zeus to bypass SMS-based two-factor authentication schemes, is another example of an Android malware being offered as a service on the underground market.

Android Trojan apps like Perkele have been used as part of online banking fraud attacks in the past, but they have been generally available only to more sophisticated cybercriminal gangs. However, the creator of Perkele started selling his creation to smaller and less resourceful fraudsters for affordable prices.

"This signals the shift to malware as a service -- Zeus-in-the-mobile (Zitmo) for the masses," the F-Secure researchers said in the report. "Now anybody running a Zeus botnet can find affordable options for Zitmo."

"In a way, Android is experiencing the same fate as Windows where its huge market share works in both good and bad ways," the F-Secure researchers said. "Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform and they are drawing inspiration from Windows malware's approaches, which is why we are now seeing trends such as commoditization of malware services, targeted attacks and 419 scams popping up in the mobile threat scene."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securitymobile securityf-securespywarekaspersky labmalware

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?