
The Remarkable Rise of Android Malware

Black hatters are rushing to exploit a lucrative new market. Will Google succeed in defending against them?

Have you heard this one: You know why the Android droid doesn't have a mouth? Because it wouldn't have much to smile about.

The joke, such as it is, reflects a new truth. While it's safe to say that Android is enjoying considerable success in the mobile marketspace – it’s giving Apple's iOS a run for its money – the platform is also under heavy pressure from two different fronts.

First, there's the ongoing problem of version fragmentation within the platform. Google relentlessly pushes out new versions of the operating system even as handset makers and carriers simultaneously drag their heels over sending these new versions to customers.

The upshot of this is that most Android handset owners are one, if not several, versions behind the latest.

The second pressure on the Android platform is from malware. The bad guys have begun a new land rush into uncharted territory, hoping to cash in on a new gold rush. While fragmentation is undoubtedly a big problem for Google, Android developers and Android users, the malware threat is far more serious because it threatens to undermine confidence in the entire platform. This is especially true when it’s compared to more secure mobile platforms such as iOS and Windows Phone.

But just how bad is the malware threat facing Android? I won't sugarcoat it for you. It's pretty bad.

It started a few months ago when security researchers began seeing rogue apps appear on third-party download sites, particularly in Russia. Most of these rogue apps took the form of fake 'free' versions of popular games that had been Trojanized with code. The result was premium rate text messages being sent out behind the handset owner's back. Some of the apps’ threats were more serious, capable of stealing information from the handset and even recording calls. Fortunately, their reach was limited because they were only available on low-traffic Android app repositories, and as a result handset infections were kept in check.

While the problem was low-key, Google could safely ignore it. Google pointed to the fact that users themselves were just as much to blame for infections because they granted these apps permission to send out text messages and access information stored on the handset.

But then toward the end of 2011 there was a shift. Researchers (and eagle-eyed users) noticed a shift in tactics among Android malware writers. The black hats became braver and began uploading Trojanized apps directly into Google's official Android Market, potentially exposing millions of Android users to malware.

This was a game changer. By targeting the official Android Market, the pool of possible victims was increased hugely. Millions of Android users frequent the Android Market daily, and the lure of 'free' versions of paid games is too much for many. Google's response seemed to be to just delete the offending apps (and the developer accounts associated with them) and pretend that the problem was gone.

On the surface it seemed like Google was playing whack-a-mole with malware and malware developers. Yet behind the scenes the search giant was working on a technology called 'Bouncer' which would scan the Android Market (both existing apps and new apps being submitted) looking for malicious code.

In fact, every app is run on Google’s cloud infrastructure to simulate how the app will run on an Android device. Will Bouncer work? Well, it's better than nothing, but some in the security industry think that it will become ineffective pretty quickly. For example, BitDefender’s chief threat researcher Catalin Cosoi believes that malware writers will find a way to circumvent the screening mechanism:

Cosoi writes: “....based on our experience with malware analysis, malware writers will seek a way around security. For instance, in the PC malware world, we use virtual machines to analyze behavior of different samples we discover. Obviously, in time, malware writers added different routines to detect if the virus runs in a real computer or in a virtual environment, and they modified their software to act legit when running in a control environment. We might see the same phenomenon here, as Bouncer is a service that will emulate all apps uploaded on the Android Market.”

According to Google this technology has been running 'for a while', so it's clear that 'Bouncer' is a work in progress and needs more tweaking. But there's no doubt that it will get better, and that this will make it harder for malware authors to get bad code into the Android Market.

Notice how I said harder, not impossible. Android malware writers are already getting smarter and using advanced techniques such as steganography and polymorphism to make detection harder. Google's going to have to work hard to stay at least one step ahead.





Tags: Android, malware

