News

New Android phone malware indicates transition to mobile platform attacks

Robert Westervelt, News Director

Two security firms have discovered new Android phone malware, and although the number of infections is miniscule, researchers said the discoveries

Requires Free Membership to View

are an indication of cybercriminals transitioning to mobile platforms.

The potential for bad guy mischief in this particular area is probably greater on Android than iOS.

Dean Turner, director of Symantec’s Global Intelligence Network 

Lookout Mobile Security Inc. discovered four infected Google Android applications that use a variant of DroidDream. The embedded malware gives cybercriminals the ability to break out of Android’s application security sandbox. It can redirect victims to download other apps from the Android Market or direct them to a location to update the malware.

The infected applications were taken down shortly after they appeared. Lookout estimates that up to 5,000 people may have downloaded the apps, which include two games, a scientific calculator and a compass and leveler utility.  

“Though our analysis is still under way, these applications are likely published by the same author as the original DroidDream malware,” Lookout said in an Android malware security alert posted on its blog. ”With the discovery of this new malware, it is more important than ever to pay attention to what you’re downloading.”

The Lookout security team said any application developed by publisher, “MobNet” could potentially be troublesome. One of the malcious applications “Best Compass & Leveler” is a malicious version of a legitimate application, the firm said, urging users to pay closer attention to the developer of the application prior to downloading apps from the Android Market.

Although mobile malware accounts for less than 1% of malware spotted in the wild, security experts predict that cybercriminals will increasingly target weaknesses in mobile platforms. Google pulled more than 50 applications from the Android Market in March after researchers discovered the first version of DroidDream. The firm also issued an over-the-air update to disinfect devices.

Enterprises need to understand how employees are using their smartphones and identify whether sensitive data is being stored on these devices, said Dean Turner, director of Symantec’s Global Intelligence Network in an interview with SearchSecurity.com.  Turner said the Google Android Market is more open than Apple’s App Store, making it more prone to fraudulent activity.

“The potential continues to exist for a bad guy to sign a certificate and then make changes to a legitimate application, posting it on a legitimate Android Market for download,” Turner said.  “The potential for bad guy mischief in this particular area is probably greater on Android than iOS.”

Zeus variant targets Android users

Network security appliance vendor Fortinet Inc. has discovered a new variant of the Zeus banking Trojan designed to target Android smartphones. The malware poses as a banking activation application, Fortinet said in a blog entry describing Zitmo, the mobile variant of Zeus.

The malware is a SMS-banking Trojan designed to defeat two-factor authentication on smartphones. In addition to running on Android devices, the malware works on Symbian, BlackBerry and Windows Mobile phones.

The application listens to all incoming SMS messages and forwards one-time passwords sent via SMS to a remote Web server. The malware has been targeting smartphones for several months. According to Fortinet researchers Axelle Apvrille and Kyle Yang, the malware is sold in a crimeware toolkit and has surfaced in the wild targeting banking users in Spain.