Android an emerging target for cyber criminals

Growth in malware for the platform a sign of that mobile devices have the attention of attackers

Researchers at Symantec Corp. have seen an increase in malicious code masquerading as legitimate applications for smart phones using the Google Android operating system.

The number of infections does not compare with those in the PC world, said Vikram Thakur, Symantec’s principal security response manager, but the trend is worrisome.

“In the mobile world this is getting more and more common, partly based on the success of the Android platform,” he said. “The numbers are going up from single digits to the thousands, and each of the infected people is possibly looking at a monetary loss.”


Related coverage:

Open-source sore point: No Android for your agency

NIST weighs in on cell phone, PDA security


Although the mobile platform does not lend itself to the kind of high-bandwidth exploitation common among PC-based botnets, such as spamming and denial-of-service attacks, the consumption of extra bandwidth by malware contacting and downloading software from command servers could result in higher bills, Thakur said. “These people could see a loss of hundreds of dollars on a monthly basis until it is cleaned up.”

A representative Trojan threat being studied by Symantec is called Android.Pjapps, which introduces back doors on infected phones. It is delivered through malicious applications that mimic real ones and often provide the same functionality as the legitimate app. But when installed, it requests additional permissions, and when the phone is online it can connect with a command and control server to upload information about the infected device and receive instructions. It can send out text messages and receive or block messages, add URL bookmarks to the browser and direct a browser to a website. It also can install additional software.

The purpose of Android.Pjapps appears to be to build a botnet that can be controlled by a number of different servers, Symantec says.

The Pjapps Trojan is hosted on a Chinese website, and the majority of infections so far probably are in Asia, Thakur said. Android exploits are not yet a mature area. “The botnet was not functional when we received it,” he said. But the malware was in place and ready to be exploited.

What would an Android botnet — a ’droidnet? — be used for? One source of income could be sending messages to premium sites that charge the user’s mobile bill for services or information. Advertising income could be generated by navigating the browser to a website, and phones could be hijacked to make long-distance calls. Although long-distance calls often are free for mobile users in the United States, they still are expensive in many other countries, Thakur said.

Users have the option in the Android operating system of restricting applications to those from authorized marketplaces, but Android does not follow the Apple model, which allows downloads only from the company’s own app store.

“I don’t believe Apple’s model is perfect, but in this case it seems to be doing a better job of keeping malware off the phone,” Thakur said. “Whether it will last or not, I don’t know. In the past we’ve seen threats even on BlackBerrys, even though it was difficult to get it through the corporate platform.”

Unlocking Apple’s iPhone OS, called iOS jailbreaking, to get access to all features, can enable the downloading of additional applications to the phones, iPads, and iPod Touch devices, exposing them to malicious code.

With the growing popularity and power of mobile devices, “I don’t think this is going away,” Thakur said of the threat.

 

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Wed, Mar 2, 2011

Try DroidWall, an Android Firewall is a front-end application for the powerful iptables Linux firewall. It allows you to restrict which applications are permitted to access your data networks http://code.google.com/p/droidwall/

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above