Android still the Number One target, Malicious Android apps hits 10 million

07/02/2014

Kaspersky Lab reveals that cyber-scammers are continuing to focus their attention on Android mobiles, based on their recent report that the number of malicious Android apps out there topped the 10 million mark.

Android-vulnerability-red

“In terms of the mobile operating systems that are being targeted by malware, nothing has significantly changed in 2013. Android is still target number one, attracting a whopping 98.05% of known malware. The reasons for this are Android’s leading market position, the prevalence of third party app stores and the fact that Android has a rather open architecture, making it easy to use for both app developers and malware authors alike. We do not expect this trend to change in near future.” it said in the Kaspersky Security Bulletin 2013 report.

On January 30, 2014, the official Google Play market offered 1,103,104 applications according to the statistic from Appbrain. Alternative, unofficial stores have many more – and these are more likely to be malicious. Kaspersky Lab has now logged 10 million dubious apps, as cybercriminals use also legitimate Android software to carry their malicious code.

In most cases malicious programs target the user’s financial information. This was the case, for example, with the mobile version of Carberp Trojan that originated in Russia. It steals user credentials as they are sent to a bank server. According to Kaspersky Lab experts, the majority of malicious Android applications are currently developed in Russia.

Some of the significant events in 2013 revealed in the Kaspersky Security Bulletin 2013 report:

Mobile Banking Trojans- These include mobile phishing, theft of credit card information, from a bank card to the mobile account and finally to a QIWI wallet. In 2013 we also saw mobile Trojans which could check on the victim’s balance to ensure the maximum profit.
Mobile Botnets- Botnet functionalities offer greater flexibility in illegal money-making schemes. This trend has now reached the mobile world and is here to stay. According to our estimates, about 60% of mobile malware includes elements of large or small botnets.
Backdoor.AndroidOS.Obad- This malware is probably found to date, including a staggering total of three exploits, a backdoor, SMS Trojan and bot capabilities and further functionalities. It’s a kind of Swiss Army knife, comprising a whole range of different tools.
Using GCM to control botnets– Cybercriminals have discovered a way to use Google Cloud Messaging (GCM) to control zombie devices in a botnet. This method is used by a relatively small number of malicious programs, but some of them are widespread. The execution of commands received from GCM is performed by the GCM system and it is impossible to block them directly on an infected device.
APT attacks against Uyghur activists- We’ve seen both Windows and Mac OS X malware deployed against . PDF, XLS, DOC and ZIP files were sent in e-mails to perform the attacks in the past. APK files have now been added to the arsenal, spying on the personal information stored on the victim’s device and also transmiting its location.
Vulnerabilities in Android- In a nutshell, we have seen exploits targeting Android for three purposes: to circumvent Android’s app integrity check on installation (also known as master key vulnerability, to gain enhanced rights, and to hinder the analysis of an app. The latter two types were also used in Obad.
Attacks on PCs through an Android device- While we have seen PC malware that can infect smartphones, we have also come across that does it the other way round. When an infected Android device is connected to a PC in the USB drive emulation mode, its malicious payload is launched.