More apps have been yanked out of the Android Market after they were found to contain malicious code. Again it seems that modified versions of existing apps found their way into the Market and again these apps have sent personal data to places you wouldn’t want it going to.
Although the apps affected include “Hot Girls”, “Sex Sound” and “Sexy Legs”, there are more useful apps including “Volume Manager”, “Contact Master” and “System Info Manager”.
We would echo the advice of security firm “Lookout” who state …
– Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
– Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
– Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
– Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.
The first point is especially true. Check the publisher and star rating, plus the “maturity” of the app. Today McAfee have also announced that Android has become the “second most popular malware environment” …
As Android devices have grown in popularity, the platform solidified its spot as the second most popular environment for mobile malware behind Symbian OS during the first three months of the year… most Android devices allow the “side-loading” of apps and are not restricted to getting them from a centralized app store, and there is no centralized place where Google can check all apps for suspicious behavior.
The arguments for and against such an “open” application marketplace will no doubt continue for some time yet…
McAfee Q1 Threats Report Reveals Surge in Malware and Drop in SPAM
Symbian and Android the most popular mobile malware environments; Spam dips due to Rustock takedown
SANTA CLARA, Calif. – June 1, 2011 – McAfee today released the McAfee Threats Report: First Quarter 2011. With six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. The report revealed many of the trends that had a significant impact on the threat landscape, such as the takedown of the Rustock botnet, which resulted in spam remaining at its lowest levels since 2007, and confirmed that mobile malware is the new frontier of cybercrime.
“The Q1 Threats Report indicates that it’s been a busy start to 2011 for cybercriminals,” said Vincent Weafer, senior vice president of McAfee Labs. “Even though this past quarter once again showed that spam has slowed, it doesn’t mean that cybercriminals aren’t actively pursuing alternate avenues. We’re seeing a lot of emerging threats, such as Android malware and new botnets attempting to take over where Rustock left off, that will have a significant impact on the activity we see quarter after quarter.”
Busiest Quarter in History for Malware
With more than six million unique malware samples in Q1, this period far exceeds any first quarter in malware history. February 2011 saw the most new malware samples of the quarter, at approximately 2.75 million. Fake anti-virus software had a very active quarter as well, reaching its highest levels in more than a year, totaling 350,000 unique fake-alert samples in March 2011.
Malware Attacks on Android Devices
Malware no longer affects just PCs. As Android devices have grown in popularity, the platform solidified its spot as the second most popular environment for mobile malware behind Symbian OS during the first three months of the year.
A McAfee Labs mobile application security whitepaper, released today in conjunction with this McAfee Threats Report, discusses how most Android devices allow the “side-loading’ of apps and are not restricted to getting them from a centralized app store, and there is no centralized place where Google can check all apps for suspicious behavior. (See Downloading from Mobile App Stores Is a Risky Business.) The researcher Lompolo recently found a series of Android applications carrying backdoor Trojans in the Android Market, and with the estimated download rate of tens of thousands to the hundreds of thousands, the number of users who could be affected is significant. In Q1 2011 McAfee Labs found that the most prominent types of Android mobile malware were Android/DrdDream, Android/Drad, Adnroid/StemySCR.A and AndroidBgyoulu, which affected everything from games to apps to SMS data.
The cybercriminals behind the Zeus crimeware toolkit have also directed attacks toward the mobile platform, creating new versions of Zitmo mobile malware for both Symbian and Windows Mobile systems to steal user bank-account information.
Rustock and Zeus Takedowns Result in Spam Decline
The takedown of the Rustock botnet resulted in the shutoff of major zombies and command structures that caused spam volumes to fall all over the world. Spam, which has been at its lowest levels since 2007 in the past few quarters, significantly dropped once again to less than half of what it was only a year ago—at approximately 1.5 trillion messages per day, outnumbering legitimate email traffic by only a 3:1 ratio.
Although Zeus botnet development has declined, the author has apparently shifted efforts to merging the Zeus source code with the SpyEye botnet, resulting in large-scale threats affecting banking and online transactions. As of March 2011, the most recent SpyEye botnet can thrive on more than 150 modules, such as USB thumb drives, instant messaging and Firefox certificates.
Spam may be at its lowest levels in years, but many botnets are in the position to fill the gap left by the decline of Rustock and Zeus; the competition includes Maazben, Bobaz, Lethic, Cutwail and Grum. There was a strong uptick in new botnet infections toward the end of Q1, most likely due to the reseeding process, where cybercriminals slow down activity in order to spend time rebuilding botnets. The botnet takedowns have resulted in an increase in the price of sending spam on the underground marketplace, showing the laws of supply and demand also apply to cybercrime.
Cybercriminals often disguise malicious content by using popular “lures” to trick unsuspecting users. Spam promoting phony or real products was the most popular lure in most global regions. In Russia and South Korea, drug spam was the most popular; and in Australia and China, fake delivery status notifications were among the most popular. Q1 also brought a new trend among “banker” Trojans, malware that steal passwords and other data, that use popular lures in their spam campaigns such as UPS, FedEx, USPS and the IRS.
McAfee Labs saw some significant spikes in malicious web content that corresponded with high-impact news events such as the Japanese earthquake and tsunami and major sporting events, with an average of 8,600 new bad sites per day. In the same vein, within the top 100 results of each of the daily top search terms, nearly 50 percent led to malicious sites, and on average contained more than two malicious links.
For more information on trends related to cybercrime, hacktivism, web threats, vulnerabilities and network attacks, please download a full copy of the McAfee Threats Report: First Quarter 2011.