8/4/2011
05:36 PM

8 Notorious Android Malware Attacks

Nearly a third of Android users will fall prey to mobile security threats this year. Here's a look at some of the worst Android malware attacks we've seen so far.

As smartphones penetrate every segment of the market, mobile malware is on the rise. And according to a new threat report from Lookout Mobile Security, Android is taking the brunt of the attacks.

The Achilles heel of Android security is also a source of strength for the platform, as the open marketplace model that Google has used to propel its mobile OS to global prominence serves as an open vector for an array of malware attacks. Here are eight of the most pernicious malware threats Android has suffered so far.

1. Fake Banking Apps

In 2009, while the Android Market was still in its infancy, a user known as Droid09 uploaded several phony online banking apps to lure customers of major banking institutions into entering their online account logins. "Informed of this, Google quickly removed them," said Robert Vamosi, senior analyst at Mocana and author of When Gadgets Betray Us.

2. Android.Pjapps

Early in 2010, sly attackers downloaded legitimate programs from the Android Market, infected them with the Android.Pjapps malware, and then redistributed the modified versions on third-party Android marketplaces. The objective, according to Symantec, was to steal information from infected devices and enroll the device in a botnet that then launched attacks on websites to steal additional data and infect more devices. It also sent costly SMS messages.

3. Android.Geinimi

While not too worrisome for North American users, the Trojan horse known as Geinimi corrupted a number of legitimate Android games on Chinese download sites, and added infected devices to a mobile botnet.

4. AndroidOS.FakePlayer

While relatively ineffective against U.S.-based targets, the AndroidOS.FakePlayer threat demonstrated how easily an attacker could steal from users without their knowledge. As Symantec explained, "This malicious app masquerades as a media player application. Once installed, it silently sends SMS messages (at a cost of several dollars per message) to premium SMS numbers in Russia." Fortunately, it didn't work on wireless networks outside of Russia, so the actual damage was minimal for North American wireless customers.

5. DroidDream (aka, Android.Rootcager)

One of the most nefarious malware campaigns addressed in Lookout's Mobile Threat Report, DroidDream infected roughly 60 different legitimate apps in the Android Market and infected hundreds of thousands of users in the first quarter of 2011. The malware added infected devices to a botnet, breached the Android security sandbox, installed additional software, and stole data.

6. Android.Bgserv

Shortly after Google deployed a tool for users to clean up devices that had become infected with DroidDream, malware authors got clever and, according to Symantec, "attackers capitalized on the hype and released a malicious fake version of the cleanup tool." Known as Android.Bgserv, this somewhat less dangerous bit of malware stole device data, such as the phone's IMEI number and phone number, and uploaded it to a server in China.

7. GGTracker

As Android threats continue to evolve, malware creators are getting increasingly clever about luring users into downloading their malicious creations. In June of this year, a threat called GGTracker presented users with a mobile Web page designed to look like the official Android Market, and prompted them to download a phone battery-saving app. Once installed, the app sent premium SMS messages from users' phones, charging rates of up to $40 per message.

8. DroidKungFu

In an emerging malware distribution tactic known as an update attack, malware creators weasel their way into the app store with a legitimate app, wait for a significant number of users to install it, and then inject malware into the app via an over-the-air update. The first known example of this, DroidKungFu, was thwarted before it could infect users on the official Android Market. Security analysts at Lookout spotted it on Chinese markets, and then noticed the same writers attempting to post it to the Android Market. Lookout notified Google, and the app was immediately rejected.
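One check a reviewer can run against the update-attack pattern described above is to compare the permissions an app requests before and after an update. The sketch below is an added example, not code from Lookout, Symantec, or Google; the package name, the two manifests, and the choice of which permissions to flag are constructed assumptions, and it expects manifests already decoded to plain XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions tied to behaviours this article describes. The selection is an
# assumption made for this example, not a complete list.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send premium-rate SMS",
    "android.permission.READ_PHONE_STATE": "can read IMEI and phone number",
    "android.permission.INSTALL_PACKAGES": "can install additional software",
}

def manifest_info(xml_text):
    """Return (package, versionCode, requested permissions) from a decoded manifest."""
    root = ET.fromstring(xml_text)
    version = int(root.get(ANDROID_NS + "versionCode", "0"))
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    return root.get("package"), version, perms

def review_update(old_xml, new_xml):
    """List sensitive permissions the newer version requests that the older did not."""
    old_pkg, old_ver, old_perms = manifest_info(old_xml)
    new_pkg, new_ver, new_perms = manifest_info(new_xml)
    if old_pkg != new_pkg:
        raise ValueError("manifests belong to different packages")
    if new_ver <= old_ver:
        raise ValueError("second manifest is not a newer version")
    added = new_perms - old_perms
    return sorted((p, SENSITIVE[p]) for p in added if p in SENSITIVE)

# Constructed sample manifests for a hypothetical battery-saver app.
OLD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batterysaver" android:versionCode="3">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

NEW = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batterysaver" android:versionCode="4">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for perm, why in review_update(OLD, NEW):
        print(f"NEW in update: {perm} ({why})")
```

A newly requested permission is a reason to look closer at an update, not proof of malice, and code that gains privileges by breaking out of the sandbox, as DroidDream did, will not show up in a manifest diff.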
