More Android mobile malware surfaces in third-party app repositories

Robert Westervelt, News Director

Several security vendors on Monday reported that new mobile malware variants had surfaced, targeting users of Google's Android mobile platform.


In addition to other more sophisticated features, the Android malware uses an old-school technique by including a feature that prompts a victim's smartphone to send costly text messages. The malware was hidden in altered versions of legitimate applications hosted on unregulated third-party Android marketplaces, according to researchers at Symantec Corp.

Symantec said the Android malware, Android.Pjapps, masquerades as a legitimate "Steamy Window" app, but the cybercriminals altered the original app, adding functionality that allows an attacker to build a botnet. Symantec said a malicious service installed with the application periodically checks a command-and-control server for new commands and pulls them down.

Symantec said the hidden malware was also coded to allow an attacker to "install applications, navigate to websites, add bookmarks to the user's browser, send text messages and block text message responses. It also sends sensitive user information back to the attacker."

Android.Pjapps is not the first malware to have botnet-like capabilities. In January, security researchers at mobile security firm Lookout Inc. warned of new Geinimi mobile malware, which surfaced in China and also masqueraded in applications on unregulated third-party application repositories.

In addition, China-based NetQin Mobile warned of two new mobile spyware programs, called SW.SecurePhone and SW.Qieting. NetQin said the spyware is mainly distributed in the U.S. Both pieces of malware are hidden in altered applications. SW.SecurePhone was designed to run in the background and can monitor the phone and collect data to save on the SD card. SW.Qieting automatically forwards received messages to a monitoring phone without the user's awareness.

"The data, including messages, call log, location of the phone, recorded sounds around the phone and pictures in the phone, will then be uploaded to a remote server every 20 minutes," NetQin warned.

Mobile malware is increasing in intensity, said Denis Maslennikov, senior malware analyst on Kaspersky Lab's global research and analysis team. In a recent interview with SearchSecurity.com, Maslennikov warned that malware coders were focusing on the increasing use of smartphones and would likely set their targets on Apple's iOS and Google's Android platforms because of their rising popularity. While Nokia's popular Symbian OS still has an estimated 40% market share globally, many mobile malware writers are writing malicious programs using Java Micro Edition, a popular coding platform that can be supported by multiple platforms including Android.

"The main goal of cybercriminals is to target as many devices as possible, so that's why they choose [Java Micro Edition] which is cross-platform supported," Maslennikov said.

There is plenty of money that cybercriminals can make with mobile malware, Maslennikov said. In Russia, one cybercriminal group recently caused victims about $1.2 million in damages using mobile malware, he said.

Security experts on Monday warned users of the risk of using unregulated third-party application repositories. It is much safer for users of any smartphone operating system to download legitimate applications from regulated marketplaces.

"Looking at the threat capabilities, Symantec believes it has been designed and may be used to peddle ad campaigns and to obtain benefits from the use of third-party premium rate services at users' expense," Symantec said.

In addition, security experts said users need to pay closer attention to access permissions being requested during installation and deny any requests by the application that seem excessive.

