Android Malware Surge Needs Vendor Action, Says Report

Total Defense, a malware detection and anti-crimeware specialist, has revealed in a new report that the surge in malware targeted at Android devices has surpassed the Android operating system’s rise in market share.

The “2011 Internet Security Threat Intelligence Report” reveals that, in total, more than 25 times as much Android malware was identified in 2011.

Malware Identified

The study identified and analysed the most notorious Android malware in 2011 that used social engineering tricks to lure users. Examples include AndroidOS/Foncy, a Short Message Service (SMS) Trojan that differentiates itself from others in this category by choosing different destination message centres based on country code, and AndroidOS/Dogowar, a Trojan created by malware authors socially motivated to stop animal cruelty.

Other malware cited in the report includes AndroidOS/Fakeneflic.A, a Trojan belonging to the InfoStealer category that tricks users by disguising itself as popular software that requires log-in credentials. If the user is successfully tricked, the entered credentials will be posted to a hosted Website. AndroidOS/WalkSteal.A, a unique SMS Trojan created with the intention to “teach” a lesson to the users who are interested in using pirated applications, was also cited, as well as AndroidOS/FakePlayer.A, an SMS Trojan that uses a familiar social engineering trick of disguising itself as a media player. When executed, it sends four SMS texts to a premium number.

One final piece of malware also showed up in the study: AndroidOS/Golddream.A, a Trojan that disguises itself as gaming applications, then monitors and records information about incoming/outgoing calls and incoming SMS communications in plain text files that are uploaded to a hard-coded URL.

“This past year can be viewed as the year of Android malware with more than 9,000 escalations, clearly illustrating the exponential growth of threats targeting this platform,” said Paul Lipman, CEO at Total Defense. “The rise of Android malware opens up an interesting debate about security architectures and the merits of open versus closed systems. While users have the ability to install any code, from anywhere, the problem is that criminals see this as an advantage, too.”

The report also details that the movement toward the “app-paradigm,” whereby PCs become more appliance-like and only authorised applications can be installed and run, can dramatically decrease the attack surface for digital devices.

Vendor Action

The Total Defense research team suggested major platform vendors can do more.

Microsoft can lock down Windows 8 to a greater extent on the PC by enticing more Metro App development, and Google can better secure Android Apps by offering certified applications via its Android Marketplace.

“The malware landscape is changing at a rapid pace with cyber-criminals producing new malware variants at an exponential rate,” said Lipman. “The proliferation of consumer digital devices for convenient Internet access, coupled with our global socioeconomic climate, continues to serve up a perfect storm for online criminal activity. Our goal is to empower end-users with solutions that can provide them complete protection in this dangerous digital world.”

In addition, the report chronicles the acts of hacktivism that have transpired over the past year, including activity by well-known groups LulzStorm, Anonymous and LulzSec. The report covers specific activity around organised crimeware, including the high-profile, successful takedowns of the large-scale DNS-Changer, Rustock and Coreflood Botnets, as well as the arrest of the co-founder of ChronoPay, a Russian online payment processor, which processed the sales of leading FakeAV.

While law enforcement and cloud security controls have put a dent in large-scale malware attacks in 2011, threats remain extremely high, the report concluded.

Nathan Eddy

Nathan Eddy is a contributor to eWeek and TechWeekEurope, covering cloud and BYOD
