Sophos Labs, a mobile security company based in the United States, has released a list of the top five malware threats against Android-based mobile devices.
The list has been compiled by examining the statistics produced by installations of Sophos Mobile Security on 5,000 – 10,000 Android smartphones and tablets in 118 different countries.
Contrary to popular belief, hackers are even luring users into their trap through paid applications.
This has been highlighted by the Sophos Mobile Security app for Android. When it detects an app as Andr/PJApps-C, it has identified an app that has been cracked using a publicly available tool. Most commonly these are paid-for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.
Also known as BaseBridge, this malware uses a privilege escalation exploit to elevate its privileges and install additional malicious apps onto your Android device. It uses HTTP to communicate with a central server and leaks potentially identifiable information.
These malicious apps can send and read SMS messages, potentially costing you money.
In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged for using premium rate services for which it has signed you up.
This “Battery Doctor” app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.
Sophos Mobile Security generically detects a variety of families of malicious apps as Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.
Remember Firesheep? The desktop tool can allow malicious hackers to hijack Twitter, Facebook and LinkedIn sessions in a wireless network environment. Andr/DrSheep-A is the Android equivalent of that tool.
Some of the other most commonly seen Android malware, according to Sophos Labs, includes Andr/DroidRt-A, a set of privilege escalation exploits that can allow someone to obtain root access to an Android device. There is also Andr/Opfake-C, a fake Opera app which may install other malicious Android packages and send SMS messages to a premium line number, depending on country.
Similar in terms of functionality to Andr/Opfake-C, Andr/Boxer-A malware poses as a fake installer for an Opera browser update, Skype, anti-virus software, Instagram and many other popular apps.
The malware may install other malicious Android packages and – predictably – send SMS messages to premium rate service numbers. It attempts to evade detection by adding a random number of images of “witness from Fryazino”, thereby making the APK file binary different every few downloads.
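An added example (not from Sophos or the original article) of why a whole-file hash fails to match samples padded this way, while a hash over only the code entries still groups them. The sample archives are constructed in memory; the entry names, package name and helper names are assumptions for illustration.

```python
import hashlib
import io
import zipfile

def build_sample_apk(filler_images, code=b"dex\n035\x00constructed-code"):
    """Constructed stand-in for an APK: fixed code, variable number of filler images."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest package='com.example.sample'/>")
        z.writestr("classes.dex", code)
        for i in range(filler_images):
            z.writestr(f"res/drawable/filler_{i}.jpg", b"\xff\xd8constructed-image")
    return buf.getvalue()

def file_hash(apk):
    """SHA-256 of the whole archive; changes whenever padding is added."""
    return hashlib.sha256(apk).hexdigest()

def is_code_entry(name):
    """True for DEX files at the archive root and native libraries under lib/."""
    root_dex = "/" not in name and name.startswith("classes") and name.endswith(".dex")
    return root_dex or (name.startswith("lib/") and name.endswith(".so"))

def code_fingerprint(apk):
    """SHA-256 over the names and uncompressed bytes of code entries only."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in sorted(n for n in z.namelist() if is_code_entry(n)):
            h.update(name.encode() + b"\0")
            h.update(hashlib.sha256(z.read(name)).digest())
    return h.hexdigest()

def group_by_code(samples):
    """Map code fingerprint -> sorted sample names, so padded variants cluster."""
    groups = {}
    for name, apk in samples.items():
        groups.setdefault(code_fingerprint(apk), []).append(name)
    return {fp: sorted(names) for fp, names in groups.items()}

if __name__ == "__main__":
    samples = {
        "download_1.apk": build_sample_apk(3),
        "download_2.apk": build_sample_apk(7),   # same code, more padding
        "unrelated.apk": build_sample_apk(3, code=b"dex\n035\x00other-code"),
    }
    for name, apk in samples.items():
        print(name, file_hash(apk)[:16], code_fingerprint(apk)[:16])
    print(group_by_code(samples))
```

A code-only hash defeats resource padding, but not variants whose code itself is modified.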
This report comes at a time when Symantec has warned of an increased threat to the Android platform thanks to its popularity.
“The major mobile platforms like Android have finally become ubiquitous enough to garner the attention of attackers, and as such, Symantec expects attacks on these platforms to increase,” Symantec managing director, sales, India and SAARC, Anand Naik had warned some time back.
“The numbers of vulnerabilities in the mobile space are rising and malware authors are not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities,” Naik had added.