Mobile Malware: In the Wild

Introduction:

According to a recent study conducted by the networking company Juniper, mobile malware is on the rise, and malware found in the wild is targeted almost exclusively toward Android devices.

“Theoretical exploits for [Apple] iOS have been demonstrated, as well as methods for sneaking malicious applications onto the [Apple] iOS App Store,” the report says, but criminals have tended to favor Android as their target, because there is less oversight on the process of releasing applications into the wild” [1].

Running older versions of Android with a lack of consistent update support can significantly increase the risk of a device becoming infected. Users are encouraged to update to a newer version of Android if possible (through each device’s update utility).

Mobile Malware Variants:

  1. Installer – app that can install other malicious apps onto your device.
    • Can install adware (displays disruptive ads) as well as additional malware
    • Uses HTTP to communicate with a command-and-control server
    • Can send personally identifiable information back to a server
    • Can send “premium rate” SMS text messages that cost money without user approval and remove the normal warnings that accompany their usage
  2. “Battery Saver”-style apps – apps that make false claims, e.g. to lower your battery usage and save power
    • Can send personally identifiable information back to a server
    • Aggressively displays advertising
  3. Generic – range of possibilities
    • Can escalate privilege to “superuser” and gain access to almost any personal information on the device
    • Can actively and silently collect and monitor user activity/information, including but not limited to:
      • Keystrokes
      • Phone call metadata
      • Contact info
      • Internet browsing history
      • Android OS version info, to identify any further exploits
    • Can appear to be legitimate but directs users to install more innocent-looking malware apps from links in advertisements

Malware Removal Process:

Unfortunately, the only tried and true method for eliminating all traces of malware on an Android device is to perform a factory reset. This will delete all data (contacts, text messages, etc.) on the device and reset all settings to their defaults. The user should ensure that all necessary data on the device is backed up to another drive before attempting this process.

How to Remove Malware on an Android Device (Device Factory Reset):

  1. Open the ‘Settings’ app
  2. Tap ‘Privacy’ (or in some newer models, ‘Backup & reset’)
  3. Tap ‘Factory data reset’ or similar option
  4. Make sure ‘Erase internal storage’ as well as ‘Erase microSD card’ is selected
  5. Tap ‘Erase everything’ or similar option

Note: The factory reset process can take a while (generally between 10 and 30 minutes) and depends on the size of and/or the number of files on the microSD card or internal storage.

Preventing Mobile Malware (Real-time Protection):

As a preemptive measure, users can install one of the many security or anti-malware apps available for Android. This drastically decreases the chances that a user will get mobile malware on their device. Some of the more popular products are listed below:

  • AVG AntiVirus Security (Free, $15 pro version, from Google Play)
  • Lookout Security & Antivirus (Free, from Google Play)
  • BullGuard Mobile Security ($30 for 1-year subscription, from BullGuard’s website)

Even with an antivirus or security suite installed, the best way for users to avoid getting mobile malware is to remain vigilant. When installing apps, the user should be sure to read the description and reviews. If anything looks fake or fishy, it is generally a good idea to avoid installing the app and seek out alternative apps with similar functionality.

References and Further Reading:

http://appleinsider.com/articles/13/05/14/mobile-malware-exploding-but-only-for-android

http://www.androidcentral.com/tags/malware

http://www.nbcnews.com/technology/top-5-android-malware-troublemakers-idd-828191

http://gizmodo.com/5995254/five-simple-ways-to-keep-your-android-malware+free

http://blog.trendmicro.com/trendlabs-security-intelligence/infographic-behind-the-android-menace-malicious-apps/