As per findings of the Kaspersky Security Bulletin 2012, ninety-nine percent of newly discovered mobile malicious programs target the Android platform, while only a very small amount targets Java and Symbian-based smartphones. The report found that 2012 was the second year to show explosive growth in Android malware. From a negligible eight new unique malicious programs in January 2011, the average monthly discovery rate for new Android malware in 2011 went up to more than 800 samples. In 2012, Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012, the number of known malicious samples for Android increased more than eight times.
Growing malware on Android
The majority of Android malware can be divided into three main groups according to functionality. Elaborating further, the report adds that “SMS Trojans” empty victims’ mobile accounts by sending SMS texts to premium-rate numbers. Backdoors provide unauthorised access to a smartphone, making it possible to install other malicious programs or steal personal data. Spyware targets the unauthorised collection of private data, such as address books and passwords (or even personal photos in some cases).
In the first half of 2012, Backdoors, SMS Trojans and Spyware combined accounted for 51 percent of all newly discovered Android malware. In the Top 10 chart of Android malware that was blocked by Kaspersky Mobile Security or Kaspersky Tablet Security, SMS Trojans emerged to be the most widespread, with applications showing unwanted ads to users in second place.
Less widespread but by far the most dangerous are mobile banking Trojans that often work in conjunction with their desktop counterparts, as was the case with Carberp-in-the-Mobile.
The Android platform allows software installation from untrusted sources, and one of the best ways to guarantee an infection is to install programs from suspicious websites. However, malware on the official Google Play application distribution platform is another trend that started in 2011 and continued in 2012, despite Google’s best efforts to reduce cybercriminal activity. One of the most unusual examples of mobile malware in 2012 was the “Find and Call” application that managed to sneak into the Google Play store as well as Apple’s app store.
The FakeRun Android Trojan, which is one of the most widespread in the United States but also prevalent in other countries of the world, does not steal users’ personal data. It belongs to a vast family of dummy applications that do nothing but display ads that earn money for their creator. One particular malicious program known as Trojan.AndroidOS.FakeRun.a that appeared in Google Play forced users to give it a five-star rating and share information about the app on their Facebook accounts before it would even start. The only thing that users received though was annoying ads.
One of the most popular mobile Trojans in Europe is Trojan.AndroidOS.Plangton.a. To an inexperienced smartphone owner, the only evidence of its existence are the ads that appear from time to time and some strange entries in the bookmarks section of the Android web browser. After infection, the Trojan connects to a command server and modifies website favourites as well as opening a web page that exposes users to potential online scams.
Russia’s mobile Internet landscape is awash with SMS Trojans – malicious programs sending texts to premium-rate numbers that basically steals users’ money. For example, Trojan-SMS.AndroidOS.Opfake.bo disguises itself as an interface skin, but in fact subscribes the user to costly “premium” content.