Researchers at North Carolina State University are looking to boost information sharing about malware targeting Google Android devices by disseminating their Android malware database.
The Android Malware Genome Project was unveiled this week at the IEEE Symposium on Security in San Francisco. Xuxian Jiang, a researcher at NC State who has collected and studied over 1,200 pieces of Android malware, is spearheading the project. Jiang and a team are credited with discovering about a dozen pieces of Android malware, including DroidKungFu and GingerMaster. The project currently characterizes malicious code from August 2010 to October 2011.
According to a statement describing the need for more Android malware research posted at the Genome Project’s website, “The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile antivirus software.” An analysis conducted by Jiang and his team found that the best-performing Android mobile security software detects nearly 80% of Android malware, while the worst-performing security apps detect about 20% of malware.
Up until this week, Jiang has been releasing the project’s Android malware dataset to a variety of universities, research labs and security vendors. The two security companies that have obtained the dataset are NQ Mobile Inc., based in China and Dallas, and Mobile Defense Inc., based in Cleveland. NQ Mobile sells an Android app that provides antimalware, secure backup and remote wipe capabilities for consumers. Mobile Defense provides a similar service, as well as a mobile device management (MDM) platform for enterprises.
Security firms document steady Android malware rise, better detection
Security experts have noted a steady increase in malware targeting the Android platform. Dan Guido, CEO of research firm Trail of Bits, said recently that Android’s security model makes it easy for attackers to spread malware via malicious mobile applications.
While mobile malware numbers remain low -- about 1% or less of all malware globally -- security researchers say it is important to analyze the malicious code and document the attack techniques to address the growing threat before it becomes a serious problem. The McAfee Threats Report for the First Quarter of 2012 documents that threat counts, which stood in the hundreds in the middle of 2011, have moved into the thousands this year. Part of the reason for the increase is that security firms are getting better at collecting, processing and detecting mobile malware, McAfee said.
“Android threats now reach almost 7,000, with more than 8,000 total mobile malware in our database,” McAfee noted in its report. To put it in perspective, there are 83 million malware samples in McAfee’s database.
The types of malware being detected and analyzed range from backdoor Trojanized malicious apps to standard premium-rate SMS-sending malware, which has been detected for years on mobile devices, particularly Symbian phones in Asia. McAfee is urging Android users to limit app downloads to the official Google Android market, Google Play. Nearly all of the malware is spreading via third-party Android markets in China and Russia, according to the report.
Most of the malicious code is posing as legitimate applications. U.K.-based security vendor Sophos documented a phony version of the popular photo-sharing app Instagram available at a Russian website. The rogue Instagram application contained an SMS Trojan that sent premium-rate SMS text messages in the background.