Saturday, February 16, 2013

Top Five Android Malware Types


Commonly detected malware on Android
The folks over at Sophos have released a list of common Android malware types showing that cracked apps make up a significant chunk of the Android malware landscape.
Sophos examined statistics collected from users who have downloaded the Sophos Mobile Security app to identify five leading types of malware currently affecting Android devices, Graham Cluley, senior security consultant at Sophos, wrote on Naked Security. The data was collected from Android devices in over 118 countries.
Here at Security Watch, we regularly discuss mobile threats and the importance of securing our smartphones and tablets. Google has always acted swiftly to remove malicious apps from its Google Play marketplace, and in February, introduced "Bouncer," a scanning service that proactively identifies and blocks malicious apps on the market. However, apps may slip past Bouncer, and there are many alternative markets where users can download potentially dodgy Android apps.
The "volume of malware that we've discovered highlights that mobile security is a real and growing problem, especially on Android," Cluley wrote.
Top Android Malware Types
While there are plenty of apps eavesdropping on SMS messages and transmitting sensitive data back to the command and control server, it appears the most common are cracked apps. See the list for the most common types of Android infections detected by the Sophos antivirus tool.
  • Andr/PJApps-C: This category refers to apps that have been cracked using a publicly available tool. The most common example is a paid version of the app that is now available for free. They aren't always malicious, but are usually illegal.
  • Andr/BBridge-A: BaseBridge uses a privilege escalation exploit to elevate its privileges so that it can download and install additional apps onto the device. BaseBridge also uses HTTP to communicate with a central server and transmit potentially identifiable personal information. BaseBridge can also send and read SMS messages.
  • Andr/BatteryD-A: This type of app promises to extend your device's battery life. Instead, "Battery Doctor" sends potentially identifiable information to a server using HTTP and aggressively displays advertisements on the device.
  • Andr/Generic-S: The "generic" category included apps that use privilege escalation exploits and aggressive adware (such as Android Plankton).
  • Andr/DrSheep-A: Dr.Sheep is the Android equivalent of Firesheep, the Firefox plug-in that allows people to hijack Twitter, Facebook and LinkedIn sessions in a wireless network environment.
As always, be safe when browsing online, download apps from authorized sources and scrutinize apps that you install to make sure they aren't asking for excessive permissions. Unlike the PC, it's harder to tell when your mobile device has been infected, so it's worth installing a security app. Lookout for Android is PCMag's Editors' Choice for Android security, and there are other tools available from companies such as F-Secure, McAfee, and of course, Sophos.