Android threats growing in number and complexity, report says

The Android threat landscape is starting to resemble that of Windows, F-Secure researchers say

The Android threat landscape is growing in both size and complexity with cybercriminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.

The number of mobile threats has increased by nearly 50 percent during the first three months of 2013, from 100 to 149 families and variants, F-Secure said in its Mobile Threat Report for Q1 2013 that was released on Tuesday. Over 91 percent of those threats target the Android platform and the rest target Symbian.

"While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend," the F-Secure researchers said in the report. "The Android malware ecosystem is beginning to resemble that which surrounds Windows, where highly specialized suppliers provide commoditized malware services."

One example of this is an Android Trojan program dubbed Stels that was distributed through fake Internal Revenue Service emails sent by the Cutwail spam botnet during the first quarter of 2013.

Those spam emails contained links that directed recipients to a website asking them to download and update their Flash Player software. This "fake update" social engineering technique has been used in the past to distribute Windows or Mac malware.

"By installing the so-called 'Flash Player,' the victim unknowingly grants the trojan the permission to make phone calls," the F-Secure researchers said. "Stels will capitalize on this permission to reap profit by placing long-lined (a.k.a. short-stopped) calls while the device owner is asleep."

Traditionally, Android malware writers have tricked mobile users into installing malicious applications on their devices by passing them off as legitimate apps on Google Play or third-party app stores. According to the F-Secure researchers, the new email-based distribution method now extends the risk of malware infection to Android users who are not actively searching for new apps, but are regularly checking email from their phones and tablets.

However, not only financially motivated cybercriminals have started using email to distribute Android malware -- hacker groups behind targeted attacks do it too.

Back in April, security researchers from antivirus vendor Kaspersky Lab uncovered an email attack targeting Uyghur activists that distributed an Android Trojan program as an attachment. The attackers expected that some of their targets would check their email from their Android phones and designed the malware to steal contact details, call logs, text messages and other information from the infected devices.

An Android Trojan program called Perkele that's designed to be used in conjunction with Windows online banking malware like Zeus to bypass SMS-based two-factor authentication schemes, is another example of an Android malware being offered as a service on the underground market.

Android Trojan apps like Perkele have been used as part of online banking fraud attacks in the past, but they have been generally available only to more sophisticated cybercriminal gangs. However, the creator of Perkele started selling his creation to smaller and less resourceful fraudsters for affordable prices.

"This signals the shift to malware as a service -- Zeus-in-the-mobile (Zitmo) for the masses," the F-Secure researchers said in the report. "Now anybody running a Zeus botnet can find affordable options for Zitmo."

"In a way, Android is experiencing the same fate as Windows where its huge market share works in both good and bad ways," the F-Secure researchers said. "Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform and they are drawing inspiration from Windows malware's approaches, which is why we are now seeing trends such as commoditization of malware services, targeted attacks and 419 scams popping up in the mobile threat scene."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymobile securityf-securespywaremalwarekaspersky lab

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?