Google has become a giant in the smartphone race thanks to its popular Android platform. Many consumers have chosen Android over Apple’s iOS-based iPhone for their mobile needs, which has resulted in Google controlling a majority of the world’s smartphone market share in a relatively short period of time. As is usually the case with popular items in the tech world, cybercriminals have made Android a target of choice, which has put a bit of a damper on the platform’s skyrocketing success.
According to Juniper Networks, Android malware increased a whopping 472 percent between July and November of last year. What’s the reason behind the huge jump? Well, beyond its popularity and widespread presence, Android operates under an open model. The Android Market may be the go-to destination for most users seeking apps for their devices, but apps are also available on third-party markets. Cybercriminals have leveraged this setup by offering free apps on third-party markets that look legitimate, but really are nothing more than vehicles carrying injected Trojan horses. Unsuspecting users then install the free third-party apps, bypassing Android’s integrated antivirus protection.
Google is attempting to clean up Android’s security-deficient image, but that will take some time. As it stands, there are several notorious Trojans in the wild that Android users should be aware of, and the following list details some of the most notable offenders.
If you are looking for the king of all Android Trojans, they don’t get much worse than ZeuS. It specializes in intercepting online banking sessions, and Tim Armstrong, an Android malware researcher with Kaspersky Lab, calls it the scariest of the bunch. While ZeuS typically terrorized PC-based environments, it hit the Android circuit in July.
The Android version poses as a security application that steals one-time-use banking passcodes. These codes are texted from banks to customers as an extra layer of security. Unfortunately, users on ZeuS-infected Android devices have these passcodes forwarded to a remote server. From there, hackers have the power to transfer money out of the victims’ accounts.
Anserver is a highly sophisticated Trojan that was discovered by Trend Micro last October. Armstrong commented on its complexity and wide range of functionality: “It is designed to make analysis by researchers difficult by containing code obfuscation and signature verification. It's also able to detect and remove some anti-virus applications. It's even able to collect commands from encrypted blog posts. This shows a level of design complexity not often seen in mobile malware, and demonstrates a disturbing development.”
Anserver used a third-party Chinese app store as its avenue for distribution after being embedded in an e-book reader app. Once in action, the Trojan can use the infected device to send and receive text messages, make phone calls, restart apps, and access stored information.
Nickispy is one of the scarier Trojans due to the information it sought. Discovered in August, this spyware recorded phone calls, text messages, and even location information from Android devices via GPS or Wi-Fi network reference.
Such information makes sense for someone seeking an app that plays the role of a private investigator, which translated to Nickispy being advertised as an adultery tracker in some Chinese app stores. Unfortunately, identity thieves saw its capabilities as too hard to pass up, causing them to embed it in corrupted apps. Surprisingly, the Trojan managed to sneak its way into a legitimate version of the Google+ app.
Don’t let the DroidDream Trojan’s name fool you, as it’s more like a nightmare. The Trojan was initially discovered last March and made its way into over 50 apps. Although we mentioned that many Trojans cause troubles in third-party app markets, DroidDream managed to infiltrate Google’s Android Market. Three developer accounts were named as its perpetrators, who added malware to legitimate apps and re-packaged them as new ones with similar names.
Tim Armstrong, an Android malware researcher with Kaspersky Lab, said DroidDream’s success came from its existence within apps on the trusted Android Market. Armstrong added that the Trojan’s creators were also helped by the fact that Android apps are relatively easy to take apart, manipulate, and re-assemble.
DroidDream collected user data in the form of numbers used by carriers to identify smartphones and SIM cards. Such data could be used to clone SIM cards, giving cybercriminals the power to pocket money made from sent text messages as well as to access private text messages. DroidDream also had a pair of root exploits that granted escalated privileges on infected devices that could be used for a variety of things. Google removed the Trojan from the Android Market shortly after its detection and also cleaned it from users’ devices remotely.
The DroidKungFu Trojan is the perfect example of a nasty threat that uses third-party markets as its method of delivery. It was discovered in a Chinese app market in May, and is known for stealing data and taking control of infected devices via two exploited vulnerabilities. According to Armstrong, the Trojan’s existence was helped by lackluster screening processes in Chinese markets. He added that while earlier instances of DroidKungFu were characterized by several permission requests, more modern versions feature fewer requests to avoid setting off any alarms.
Fakeneflic earns its name from its status as a fake Netflix app for Android. The phony app was discovered last October and was created to steal data. Armstrong described the scheme behind Fakeneflic: “It's a password stealer. It came up with a Netflix splash screen that you would use to log in, then once you did it would crash and take your username and password. It was a first run to collect details.”
While some Trojans, such as Fakeneflic, like to copy legitimate apps, the GGTracker Trojan uses an imitation of the Android Market’s website as part of its scheme. Discovered in June, GGTracker kicked into gear and was downloaded once a user visited the phony Android Market site. Users in the United States were the primary targets, and those affected would unknowingly be signed up to various premium SMS services. Any charges made to their subscriptions represented revenues to the Trojan’s creators.
GGTracker makes the list of Most Notorious Trojans since it has adapted and changed its delivery method. A malicious in-app advertisement for a phony item such as a battery saver entices users to click, and once they do, installation of the Trojan takes place.
For more on this topic, visit http://www.securitynewsdaily.com/1382-scariest-android-trojans.html