Mobile
Commentary
6/13/2011
03:29 PM
Eric Zeman

Beware Angry Birds Help Offers: Malware in Disguise

Google removes more malware from the Android Market after university researchers identified background spy apps--including one that used Angry Birds frustration as bait.

Xuxian Jiang, an assistant professor in computer science at North Carolina State University, last week found 10 applications infected with malware in the Android Market. On June 5, he reported them to Google, which suspended the applications on the same day. Jiang also contacted mobile anti-virus companies and research labs, including Lookout, Symantec, McAfee, CA, SmrtGuard, Juniper, Kinetoo, Fortinet, and others.

What is this latest threat?

In a blog post published last week, Jiang explained that this new malware, which his team named "Plankton" (after the pesky SpongeBob character?), doesn't attempt to root Android phones. Rather, it was designed to run secretly in the background.

"Plankton is the first one that we are aware of that exploits Dalvik-class loading capability to stay stealthy and dynamically extend its own functionality," wrote Jiang. "Its stealthy design also explains why some earlier variants have been there for more than two months without being detected by current mobile anti-virus software."

This particular piece of malware was embedded in applications that promised to help users cheat their way through Rovio's popular Angry Birds game (Angry Birds itself was not infected).

What does it do? Once the user launches the infected app, the malware starts a background service. That service scours the device for user data, including the device ID code, and reports it back to a remote server. The server parses the data and then sends a link back to the malware, which downloads an executable and then runs it nearly invisibly in the background.

The application then starts collecting more data, such as browser bookmarks, browser history, home page shortcuts, and runtime log information.
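A static triage check for the combination of behaviors described above, as an added example that is not from the article or from Jiang's team. It assumes a decoded `AndroidManifest.xml` and decompiled smali text (as a tool such as apktool produces); the permission-to-data mapping, the scoring rule and the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that gate the data the article lists (this mapping is an assumption).
DATA_PERMS = {
    "android.permission.READ_PHONE_STATE": "device ID",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser bookmarks/history",
    "com.android.launcher.permission.READ_SETTINGS": "home page shortcuts",
    "android.permission.READ_LOGS": "runtime log information",
}
# Dalvik class-loading APIs that let an app run code fetched after install.
LOADER_REFS = ("Ldalvik/system/DexClassLoader;", "Ldalvik/system/DexFile;")

def triage(manifest_xml, smali_text):
    """Return findings for one app: decoded manifest text plus decompiled smali text."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = {
        "service": [s.get(ANDROID_NS + "name") for s in root.iter("service")],
        "internet": "android.permission.INTERNET" in perms,
        "data": sorted(DATA_PERMS[p] for p in perms if p in DATA_PERMS),
        "loader": [r for r in LOADER_REFS if r in smali_text],
    }
    # Flag only the combination: service + network + dynamic loading + broad data access.
    findings["suspicious"] = bool(
        findings["service"] and findings["internet"]
        and findings["loader"] and len(findings["data"]) >= 2
    )
    return findings

# Constructed sample input (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.cheats">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <application><service android:name=".BackgroundService"/></application>
</manifest>"""
SAMPLE_SMALI = "new-instance v0, Ldalvik/system/DexClassLoader;\n"
BENIGN_SMALI = "invoke-virtual {p0}, Landroid/app/Activity;->finish()V\n"

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SMALI))
```

Dynamic class loading has legitimate uses, so a hit here is a reason to review the app by hand, not a verdict.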

Jiang's team also found some pretty scary stuff. "During our investigation," he explained, "we also identified an interesting function that if invoked can be used to collect user's accounts. Though our analysis shows that this function is not linked to any supported command, its presence as well as the capability of dynamically loading a new payload can easily turn stealing user's accounts or even launching root exploits into reality."

Considering the type of accounts people access from their smartphones these days--business servers, email, social networking, banking, etc.--this is cause for real concern.

Google has removed the infected applications. Just two weeks ago, Google suspended 26 applications. In March, Google removed 50 poisonous apps from the Android Market.

Why is the Android Market facing these issues when Apple's App Store seemingly isn't? The Android Market is appealing to the nefarious for all the right reasons. It is open (Google doesn't curate it), it is everywhere (on millions of smartphones), and it is monetizable (can be used to charge user accounts and steal real money). Norton sees the problem growing before going away.

For IT, the challenge will be to manage employee devices effectively against new threats as they arise.


Comments
Android apps,
User Rank: Apprentice
11/23/2011 | 8:41:09 PM
re: Beware Angry Birds Help Offers: Malware in Disguise
I think smartphones are the next target of hackers and malware developers. One question that arises here is how to keep Android apps device safe? I personally suggest thinking twice before downloading and installing apps from unverified sources, like outside of the market.