Cyber crooks eye Android

Lutz Blaeser, MD of Intact Security (image: LivDigital)

In a short space of time, Android has claimed the lion’s share of the mobile market – in fact more than 900 million Android mobile devices have now been activated. Unfortunately, this popularity has put a large target on the platform’s back.

Lutz Blaeser, MD of Intact Security (image: LivDigital)
Lutz Blaeser, MD of Intact Security (image: LivDigital)

This popularity among users and malware authors alike, will continue unchecked in the second half of 2013, and as the number one attack platform for malware authors, says Lutz Blaeser, MD of Intact Security, Android has become a lucrative target.

In fact, he says experts at G Data expect the number of new Android malware programs to triple over the next six months.

“Due to the popularity of the platform, a varied economic structure based on attacks on smart mobile devices has gradually developed, with monetary reasons still the main motive for attacks. These days, the benefit cost ratio is quite high.”

However, he says while malware was still pretty basic last year and aimed at short-term success, the trend has now changed. “Just like in the early days of PC malware, the malicious functions in Android apps are already being disguised in the source code. This prevents automated analyses and human analysts from reading the malicious functions directly.”

In a recent report, G Data detected a total of 519 095 new malicious files in the first half of this year alone, equating to an average of 2 868 new Android malware files per day. “This signifies a 180% increase compared to the first half of 2012 (185 2106) and more than sixteen-fold growth compared to the first half of 2012 (29 5956),” adds Blaeser.

He says malware authors not only create malware for use in their own attacks, they often sell it on dubious online markets too. “Developer accounts that are registered and verified on Google’s official app market are also traded.”

It is no surprise that offering all sorts of malicious apps on Google Play gives the attackers much better chances of spreading them. Hence, accounts that can be registered for $25 are then traded for $100. “Gmail accounts are also popular prey, especially when they grant access to Android mobile devices and all the personal data and shopping options related to them.”

He says that based on the properties of the malicious code, the individual files can be assigned to different malware families. In the last six months experts recorded 203 new families.

It comes as no surprise that Trojan horses, designed to steal login details and empty bank accounts, are still the dominant type of malware, as they have been in the PC malware sector for years. In the mobile sector, the Trojans’ share of all new samples is about 46%, with a staggering 86% in the malware classified in families.

“Cybercrime is and will continue to be mainly financially motivated,” Blaeser adds. “Either directly, by sending premium SMS or similar, or indirectly by selling stolen data.”

However, more frightening than cyber criminals trying to make a quick buck, there has been an increase in detected backdoor activities that ensure a long-term connection with an infected device and can cause various forms of damage. “Backdoors are used to create smartphone botnets that can systematically execute malicious functions in a structured way, by stealing data, or sending SMSes to premium rate numbers.”

On the plus side, Blaeser says consumers are slowly cottoning on to the fact their “phone” is a full-scale computer. “Unfortunately, market analysts at Canalys report that only 4% of smartphones and tablet PCs had downloaded and installed a mobile security solution in 2010, and this number is expected to increase to only 20% by 2015.”

He says it is imperative that this proportion of protected devices be increased. “Smart devices should be handled with as much care as the home or work PC when it comes to protecting them from viruses, Trojans, backdoors and suchlike protecting personal data and valuables. Attackers of mobile devices will be no less dangerous than PC attackers in the future.”

Staff writer