informa
/
News

Android 'Bootkit' Malware On Rise, Especially In China

The latest quarterly threat report from security company AVG reaffirms existing trends in the growth of Android malware, but notes a new type of threat increasing in the wild: "bootkits".

Security company AVG has released its latest quarterly threat report, and the mobile findings overwhelmingly involve Android.

Malware on other mobile platforms is exceedingly rare, but on Android it is becoming common. The most interesting news from the report, which AVG bases on threats encountered by its anti-virus software on customers' computers, is the rise of "bootkits." Bootkits are analogous to rootkits on desktop computers. Android is based on a pared-down Linux kernel. A bootkit is a program that modifies and injects itself into that kernel. The malicious code therefore is always running on the phone; the user doesn't have to load an app. Like a rootkit it can do almost anything it wants, including intercepting information being sent from the operating system to apps and modifying it. It could, for example, change the numbers being displayed by your bank app.

Android bootkits aren't that sophisticated yet. AVG says that attacks still consist mostly of using premium SMS numbers to make money for the attackers. The numbers of such attacks are increasing, though, and are now increasingly based on more powerful techniques, such as the bootkit, which enable more sophisticated exploits.

The other big but not surprising news is the continued geographical concentration of Android malware in China and other far-eastern countries. Third-party app stores are more popular in these countries and malware has made its way into these stores more easily than it has in the official Google Play store.