Wave of Trojan Attacks Swamps Android Devices

In recent months a wave of attacks has hit the Android platform, and attackers have cranked up production of Trojans and other malware targeting Android devices. The recent discovery of several malicious apps available in the Android Market points to the drawbacks of the platform's openness and the poor monitoring of app distribution.

According to Vanja Svajcer, Principal Virus Researcher at SophosLabs:

The openness of the platform and the availability of alternative application markets makes Android-based devices more difficult to secure. The whole situation reminds me of Windows some years ago. One keeps wondering if history is repeating again?

According to analysis from Lookout, a provider of antimalware apps for Android, BlackBerry and Windows Mobile handsets, attackers hide malware in legitimate apps, then repackage and redistribute them. Once installed, the malware-injected apps exploit known vulnerabilities to gain root access to a phone’s most sensitive functions. According to Kevin Mahaffey, CTO and co-founder of Lookout:

The really nasty thing about root exploits is that once you’re root you can do things that disable the remote removal tool.

F-Secure reported that an attacker altered a harmless app that displays pictures of bikini-clad babes into a tool that transparently establishes a rudimentary mobile botnet. On receiving a call, the malware transfers the phone’s IMSI, IMEI, SDK version and information regarding any packages installed to a remote server.

AVG also discovered around 25 Android apps that went rogue over the weekend. The apps were found to contain a variant of the DroidDream Trojan. AVG said that despite Google’s efforts to eliminate the rogue apps, they keep reappearing. AVG has teamed up with Google’s Android security team to deal with the fresh threats. According to AVG’s estimates, a combined total of 15,000 mobile phones have been affected by the DroidDream outbreak.

According to a recent security analysis by Kaspersky Labs, most of the security issues long prevalent on Windows are reappearing on Android, which is making the platform a paradise for attackers. Security problems are also caused by outdated software, harboring unpatched vulnerabilities, running on a large number of Android devices. Kaspersky analyst Yury Namestnikov said:

As with Windows, the most infected computers are those on which users have administrator privileges, the greatest risk of infection is faced by those Android systems which have been jailbroken. Mobile malware communicates with its owners using a method that is widely employed by Windows malware – via command-and-control centers, which will ultimately lead to the emergence of mobile botnets.

A recent McAfee study reaches a similar assessment, terming Android the second most popular environment for mobile malware, behind Symbian OS, during the first quarter of 2011. It is high time that Google strictly monitors the distribution of apps for its Android platform, before Google’s kill switch can itself be killed.