Android Under Attack

The good old days, when the owners of mobile phones and smartphones had little to fear from malicious programs and could keep all their personal info in their devices’ memory, are gone. Today, such blissful freedom is only possible for the owners of Apple iPhones – and even then there are certain caveats. But, for those using Android devices, the situation is already serious: the number of malicious programs designed for this popular platform increased by over 200 times in 2011 alone.

The number of malicious programs for Android continues to grow steadily. The largest single slice of them is made up of Trojans designed to steal personal information from users’ devices. And there most definitely is something worth stealing from personal devices:  According to research by Harris Interactive, 17% of all smartphone owners store their passwords and login information in the device memory, while 18% of tablet users keep this type of data on their devices.

Equally popular are the backdoors designed to gain remote access to a device to steal data and install other malicious programs. Typically, they manage to get administrator (or ‘super-user’) rights and enable cybercriminals to remotely control the device. Notably, SMS Trojans that secretly send messages to premium rate numbers, are a major portion of this group. The malware family Foncy is the most notable example of this type of Trojan – it originally targeted users from Western Europe and Canada, then spread its coverage to the USA, Sierra Leone and Morocco.

Infection vectors

How can your smartphone or tablet be infected with malware? When spreading malware, cybercriminals prefer to stick to tried and trusted methods. You might be prompted to download a program from a dubious source that will allegedly update your mobile browser. Malicious links are sent in spam messages and viruses can be distributed from infected websites. In 2011 the number of backdoors enabling cybercriminals to gain super-user rights and, consequently, the ability to infect the computer with any virus or Trojan, grew significantly. In this respect, the threats designed for Android are not much different from the threats for PCs. Nevertheless, some differences do exist.

Cybercriminals love to offer their infected programs directly through the Google Play applications store (previously Android Market). The first case of this was reported back in March 2011, and since then malware has appeared regularly in this online store. A combination of insufficient analysis of the apps
on Google Play and customers’ continuing confidence in it as a safe source of software, means malware can survive there for days – sometimes weeks – infecting many devices.

There are also some highly unusual ways of spreading malware via QR codes.It’s all quite straightforward: The user recognizes the QR code with the help of the device’s camera, receives a link and opens it in his browser. At this point the advertised website or software may turn out to be nothing more than an SMS-Trojan.

How do you protect your mobile data?

Since it is easy to get infected with mobile malware, and hard to recognize that the infection has occurred, best practice is to use dedicated solution to fight Android threats. Kaspersky Lab products Kaspersky Mobile Security and Kaspersky Tablet Security can help to find and neutralize all widespread malicious programs for Android. On the whole, using antivirus software is the best way to ensure protection against the theft of any personal information. Unfortunately, though, few users currently use these – only 28% of smartphone users and 44% of tablet users are properly protected. Therefore, it is highly likely that this coming year we will hear not only about new Trojans, but also new botnets, which will outstrip RootSmart in terms of the number of the affected mobile devices. In the following posts we will describe the mobile security products from Kaspersky Lab in greater detail.