Subscribe

Android under attack

Christine Greyvenstein
By Christine Greyvenstein, ITWeb journalist.
Johannesburg, 13 Jun 2013
Philip Pieterse, security consultant with the SpiderLabs team at Trustwave, says the Android platform continues to be the main focus of malware.
Philip Pieterse, security consultant with the SpiderLabs team at Trustwave, says the Android platform continues to be the main focus of malware.

Researchers at Kaspersky Lab recently dissected what they deem to be the most sophisticated attack on smartphones running Android.

With the exponential growth rate of Android, Kaspersky says the OS is becoming increasingly vulnerable to attacks of this nature.

Kaspersky Lab expert Roman Unuchek posted on the Securelist blog that a DEX file turned out to be a multifunctional Trojan, called Backdoor.AndroidOS.Obad.a.

Unuchek says the cyber criminals found two errors in the Android operating system. The first relates to the processing of the AndroidManifest.xml file, which exists in every Android app and is used to describe the app's structure.

He adds that other previously unknown errors in the Android OS give malicious applications access to extended device administrator privileges, without appearing on the list of applications which have such privileges.

Further analysing the attack, security consultant with the SpiderLabs team at Trustwave, Philip Pieterse, says the Trojan in question holds many serious dangers for the affected Android user. "It sends SMSes to premium-rate numbers, which results in a costly bill at the end of the month. It will download other malware, install the downloaded malware on the infected device and spread it via Bluetooth to nearby devices."

He says the Trojan is not only complicated, but the malware is also difficult to find. "Once the Trojan is installed on your device, you will only notice something when it is too late."

Pieterse says it's fair to say this is the first attack of its kind to be seen on the Android platform and these types of sophisticated attacks were traditionally only seen in normal computer-based Trojans.

"Google will have to send out some security patches as soon as possible to avoid infection. Google did introduce Bouncer in the first quarter of 2012. Bouncer automatically scans applications in the Google Play store for the presence of malware or malicious behaviour."

Operating risks

Pieterse says the Android platform continues to be the main focus of malware and adds that last year, Trustwave's malware collection for Android grew 400%, from 50 000 to 200 000 samples.

"All vendors routinely issue operating system updates, but device manufacturers often don't roll out these updates. This issue is most prevalent with Android; device carriers are reluctant to make new versions of the OS available to users of older devices. Some estimates indicate that at least 90% of Android owners are vulnerable to known flaws because they can't update their operating system," he says.

Pieterse says while most malware takes advantage of Android, some malware appeared in the Apple iTunes Store this year. "All the malware discovered there was quickly removed."

He adds there was a common misconception that BlackBerry is immune against malware. "They are in fact being targeted by several new variants of the Zeus family of malware."

Pieterse says malware was not that common on Windows 8. "But this may change quickly as the operating system gains market acceptance."

Share