8 Notorious Android Malware Attacks

Nearly a third of Android users will fall prey to mobile security threats this year. Here's a look at some of the worst Android malware attacks we've seen so far.

Robert Strohmeyer, Contributor

August 4, 2011


As smartphones penetrate every segment of the market, mobile malware is on the rise. And according to a new threat report from Lookout Mobile Security, Android is taking the brunt of the attacks.

The Achilles heel of Android security is also a source of strength for the platform, as the open marketplace model that Google has used to propel its mobile OS to global prominence serves as an open vector for an array of malware attacks. Here are eight of the most pernicious malware threats Android has suffered so far.

1. Fake Banking Apps

In 2009, while the Android Market was still in its infancy, a user known as Droid09 uploaded several phony online banking apps to lure customers of major banking institutions into entering their online account logins. "Informed of this, Google quickly removed them," said Robert Vamosi, senior analyst at Mocana and author of When Gadgets Betray Us.

2. Android.Pjapps

Early in 2010, sly attackers downloaded legitimate programs from the Android Market, infected them with the Android.Pjapps malware, and then redistributed the modified versions on third-party Android marketplaces. The objective, according to Symantec, was to steal information from infected devices and enroll the device in a botnet that then launched attacks on websites to steal additional data and infect more devices. It also sent costly SMS messages.

3. Android.Geinimi

While not too worrisome for North American users, the Trojan horse known as Geinimi corrupted a number of legitimate Android games on Chinese download sites, and added infected devices to a mobile botnet.

4. AndroidOS.FakePlayer

While relatively ineffective against U.S.-based targets, the AndroidOS.FakePlayer threat demonstrated how easily an attacker could steal from users without their knowledge. As Symantec explained, "This malicious app masquerades as a media player application. Once installed, it silently sends SMS messages (at a cost of several dollars per message) to premium SMS numbers in Russia." Fortunately, it didn't work on wireless networks outside of Russia, so the actual damage was minimal for North American wireless customers.

5. DroidDream (aka Android.Rootcager)

One of the most nefarious malware campaigns addressed in Lookout's Mobile Threat Report, DroidDream infected roughly 60 different legitimate apps in the Android Market and infected hundreds of thousands of users in the first quarter of 2011. The malware added infected devices to a botnet, breached the Android security sandbox, installed additional software, and stole data.

6. Android.Bgserv

Shortly after Google deployed a tool for users to clean up devices that had become infected with DroidDream, malware authors got clever and, according to Symantec, "attackers capitalized on the hype and released a malicious fake version of the cleanup tool." Known as Android.Bgserv, this somewhat less dangerous bit of malware stole device data, such as the phone's IMEI number and phone number, and uploaded it to a server in China.

7. GGTracker

As Android threats continue to evolve, malware creators are getting increasingly clever about luring users into downloading their malicious creations. In June of this year, a threat called GGTracker presented users with a mobile Web page designed to look like the official Android Market, and prompted them to download a phone battery-saving app. Once installed, the app sent premium SMS messages from users' phones, charging rates of up to $40 per message.

8. DroidKungFu

In an emerging malware distribution tactic known as an update attack, malware creators weasel their way into the app store with a legitimate app, wait for a significant number of users to install it, and then inject malware into the app via an over-the-air update. The first known example of this, DroidKungFu, was thwarted before it could infect users on the official Android Market. Security analysts at Lookout spotted it on Chinese markets, and then noticed the same writers attempting to post it to the Android Market. Lookout notified Google, and the app was immediately rejected.
