An Android storm of hurricane proportions is rapidly approaching and about to make landfall. It is destined to wreak havoc on the mobile landscape. The large uptake of Android devices combined with the openness of the operating system has resulted in the platform receiving close attention from criminal groups. The elements have now reached critical mass and malware activity on Android is about to explode.
Having initially gained a foothold in Africa, Android malware is now rapidly spreading on devices around Europe and gathering in other markets such as the US. Already this year, the Android platform has proven to be capable of supporting significant malware functions, such as:
– Stealing contact and personal information and sending it to a Command & Control server
– Opening a back door on the device and sending the IP address to the remote server
– Sending SMS messages to premium numbers
– Sending copies of SMS messages, IMSI and IMEI
– GPS tracking
– Recording calls and uploading to a server
– Rooting the operating system, enabling root access and the installation of unofficial applications
– Capturing unencrypted web sessions
– Capability to perform DoS and DDoS
– Capturing keyboard inputs
– Creation of an Android botnet controlled by a Command & Control server
– Disabling AV applications on the device
Many of the above are, of course, recognised malware functions on Windows PCs. Recently, malware was even found to be hidden inside an update for one of the most popular Android anti-virus applications.
Android is commonly regarded as less safe than Apple iOS. This year, more than 95% of all mobile malware targeted Android. Overall, incidents of new Android malware increased 600% during 2012.
Mobile anti-virus measures currently rely on signature-based scanning technology, which suffers from the same shortcomings as it does on the PC – the technology is hopeless at keeping up with the polymorphic nature of viruses and the rapid rate of release of new malware.
Google’s response to the growing storm has been to introduce a malware scanner in Android 4.2. However, this proved hopelessly inadequate. A recent study by the Android Malware Genome Project found that Android’s scanner identified only about 15% of the known malware submitted. The malware scanner has been described as a “relatively useless placebo” offering “paltry detection”.
An example of the devastating effectiveness of Android malware is Eurograbber, which last week was reported to have already earned its controllers $47m stolen from European bank customers. The attack is able to defeat TAN or mTAN two-factor banking measures by intercepting the authentication SMS sent from the bank to the customer. A version of the malware known as ZitMo – Zeus in the Mobile – is also proving effective.
The Android storm about to hit will not be simply a passing fad, but will herald a new era of intense malware activity in mobile. Sophisticated, advanced, integrated attacks such as Eurograbber centring on Android are bound to escalate exponentially. Criminal gangs are shifting their focus toward this operating system as they recognise that more and more Android users are engaging in online banking, online shopping and other online transactions. It is only a matter of time before Android OS is subjected to an intensity of malware attack previously seen only on Microsoft PCs.