The Achilles heel of Android security is also a source of strength for the platform, as the open marketplace model that Google has used to propel its mobile OS to global prominence serves as an open vector for an array of malware attacks. Here are eight of the most pernicious malware threats Android has suffered so far.
Early in 2010, sly attackers downloaded legitimate programs from the Android Market, infected them with the Android.Pjapps malware, and then redistributed the modified versions on third-party Android marketplaces. The objective, according to Symantec, was to steal information from infected devices and enroll the device in a botnet that then launched attacks on websites to steal additional data and infect more devices. It also sent costly SMS messages.
While not too worrisome for North American users, the Trojan horse known as Geinimi corrupted a number of legitimate Android games on Chinese download sites, and added infected devices to a mobile botnet.
While relatively ineffective against U.S.-based targets, the AndroidOS.FakePlayer threat demonstrated how easily an attacker could steal from users without their knowledge. As Symantec explained, "This malicious app masquerades as a media player application. Once installed, it silently sends SMS messages (at a cost of several dollars per message) to premium SMS numbers in Russia." Fortunately, it didn't work on wireless networks outside of Russia, so the actual damage was minimal for North American wireless customers.
5. DroidDream (aka, Android.Rootcager)
One of the most nefarious malware campaigns addressed in Lookout's Mobile Threat Report, DroidDream infected roughly 60 different legitimate apps in the Android Market and infected hundreds of thousands of users in the first quarter of 2011. The malware added infected devices to a botnet, breached the Android security sandbox, installed additional software, and stole data.
Shortly after Google deployed a tool for users to clean up devices that had become infected with DroidDream, malware authors got clever and, according to Symantec, "attackers capitalized on the hype and released a malicious fake version of the cleanup tool." Known as Android.Bgserv, this somewhat less dangerous bit of malware stole device data, such as the phone's IMEI number and phone number, and uploaded it to a server in China.
As Android threats continue to evolve, malware creators are getting increasingly clever about luring users into downloading their malicious creations. In June of this year, a threat called GGTracker presented users with a mobile Web page designed to look like the official Android Market, and prompted them to download a phone battery-saving app. Once installed, the app sent premium SMS messages from users' phones, charging rates of up to $40 per message.
In an emerging malware distribution tactic known as an update attack, malware creators weasel their way into the app store with a legitimate app, wait for a significant number of users to install it, and then inject malware into the app via an over-the-air update. The first known example of this, DroidKungFu, was thwarted before it could infect users on the official Android Market. Security analysts at Lookout spotted it on Chinese markets, and then noticed the same writers attempting to post it to the Android Market. Lookout notified Google, and the app was immediately rejected.