Anti-Malware | Archive

Google Android malware on the rise

Published on 13 May 2011 by in Android, Blog, Industry News, Mobile, Threats

A 50,000 surge in Android Market applications in the last year has taken the total number of apps to over 200,000 but has come at a cost – the huge growth has brought with greater attention from cyber criminals with a sharp rise in malicious apps designed to steal user data appearing.

Since the middle of last year there has been a 400% increase in the detection rate of malware on the Google Android platfom, leading to several Android antivirus programs being released onto the market. Some have blamed the open source nature of the Android platform for these figures compared to Apple’s heavily moderated iTunes App store.

These figures were released during a recent mobile security study by Juniper Networks which concluded that the Android Market was the largest distribution network of malware on mobile devices. One particular Android app called DroidDream has been blamed for infecting up to 50,000 Android users before Google could remove the rouge app.

Security firms AVG and Webroot have recently released free and paid versions of their mobile security programs, with software specifically for the Android operating system.

Google activates Android ‘kill switch’ to remotely remove malware

Published on 07 March 2011 by in Android, Blog, Mobile, Security Updates, Threats

Mobile Applications installed on Google Android phones that are infected with Malware have managed to make there way onto some users phones via the Android Market, prompted internet search giant Google to remotely activate a ‘kill switch’ that allows them to remotely destroy the apps in question.

Malware threats on mobile devices are a growing concern in the telecommunications industry, with a increasing number of threats being geared specifically towards the Android mobile operating system.

Google has claimed in a blog post that the applications where removed within minutes, and has now taken further action to prevent these attacks occuring in the future. For the post:

“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications”

“You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Google says the the kill switch feature has been available to them since 2008, but was only used for the first time in June 2010 on two apps.

Secure your smartphones warns McAfee

Published on 09 February 2011 by in Android, Blog, Guides, Industry News, iPhone, Mobile, Prevention

Leading security software vendor McAfee has warned SMEs to implement measures that encrypt or give the ability to format (erease all data) smartphones and other mobile devices incase they are lost or stolen.

The warning comes of the back of a report issued by the company revealing there were over 20 million new malware threats identified last year alone, many of which are specifically targeted towards mobile devices. The report also makes mention of the Zeus Trojan which successfully infected Bristish Goverment computer networks.

Cheif Technology officer for McAfee Asia Pacific explains:

“You need to look at the risk profile of your devices. First of all, identify what you are doing on that device? What are you actually using it for?”.

“Then you can make a decision about adding security. The first thing I would recommend is that people look at securing the actual data on their device… but that doesn’t mean you have to have a next-generation security product on there.”

“The creators of the Zeus botnet repurposed an old version of a commercial spyware package. Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.”

“But this is a scenario that made people stock and look at what was happening. It’s going to get to a situation where people decide they need to add protection to their phones because we’re seeing so much action in this space.”

“You need to make sure that you are using the inherent features of the device. Most smartphones come now with some sort of password identification, and you should configure that and make it strong. Few people actually leverage these features.”

“You also need to make sure that if the device is lost, the data that sits on that device is secure. That’s more important than anything else and is typically overlooked because it’s been so difficult.”

“This year was massive for us, and we’re seeing an average of 55,000 new threats every day. It puts significant strain on the security model people are using, on whatever device they are using.”

First Android Trojan found

Published on 12 August 2010 by in Android, Blog, Mobile, Threats

Researchers at Trend Micro have announced the discovery of the first known Android Trojan running on Google’s Android OS smartphones.

According the Trend Micro, the malware is disguised as a Windows Media Player icon attempts to send text messages via the Short Message Service Center (SMSC). Similair to the Symbian malware that posed as a application that also sent text messages, this new piece of malware obtains permission from the function (android.permission.SEND_SMS) to sent it messages.

According to Trend Micro:

According to advanced threats researcher Ivan Macalintal, the payload of this attack is not new since in the past, we’ve seen mobile threats that perform the same fraudulent routines. “This income-generating scheme is a low-hanging fruit for cybercriminals. What makes it unique is the use of Android as the targeted platform and, with the increasing popularity and usage of Android, we can expect more malicious code served up in that alley.”

Trend Micro products detect this as TROJ_DROIDSMS.A.