A security company has identified five leading types of malware in the wild that could be dangerous to Android phone and tablet users, including one that snags personally identifiable information and another that can send and read text messages.
SophosLabs said Thursday it examined statistics from the installations of its Android mobile security app on devices in 118 countries, and the “volume of malware that we’ve discovered highlights that mobile security is a real and growing problem, especially on Android,” said Graham Cluley, senior security consultant at Sophos.
“Criminals are creating more and more targeted malware for different platforms, and smartphone users need to wise up to the fact that security is no longer limited to PCs, but mobiles and tablets are also at risk if not sufficiently protected.”
There are now more than 460,000 apps in the Google Play market for Android, according to AppBrain, although there are other sources for downloading Android apps. And it is those other sources than can cause trouble.
Chet Wisniewski, senior security advisor at Sophos, told msnbc.com that most users get infected when they “side-load” apps. “This is the act of loading programs from non-official sources … Often they are ‘paid’ apps offered for free by pirates who load them up with mobile Trojans.”
Naturally, there isn’t any obvious way to know when you’ve been infected, he said. “You might find out when charges appear on your mobile phone bill, or if your accounts start to become compromised. The best approach is to run security software on your phone to screen for anything malicious.”
In February, Google introduced “Bouncer,” a scanning service designed to identify malicious apps in Google Play. But recently, two security researchers crafted a malicious Android app called HelloNeon to the Play Market, and the app made it through Bouncer’s scan untouched.
We asked Google for comment about Sophos’ findings, and will update this post when we hear back. But when Bouncer was introduced, Google vice president of Android engineering Hiroshi Lockheimer wrote on the company’s blog that:
While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market – and we know the rate is declining significantly.
Sophos said among the most frequently found types of Android malware in the wild were these:
1. Andr/PJApps-C. “Most commonly these are paid for apps that
have been hacked. They are not necessarily always malicious, but are
very likely to be illegal.”
2. Andr/BBridge-A. This one can “install additional malicious apps
onto your Android device. It uses HTTP to communicate with a central
server and leaks potentially identifiable information.
“These malicious apps can send and read SMS messages, potentially
costing you money. In fact, it can even scan your incoming SMS messages
and automatically remove warnings that you are being charged a fee for
using premium rate services it has signed you up for.”
3. Andr/BatteryD-A. “This ‘Battery Doctor’ app falsely claims to save battery life on your
Android device. But it actually sends potentially identifiable
information to a server using HTTP, and aggressively displays” advertising.
4. Andr/Generic-S. “These range from privilege escalation
exploits to aggressive adware such as variants of the Android Plankton malware.”
5. Andr/DrSheep-A. “Remember Firesheep?
The desktop tool that can allow malicious hackers to hijack Twitter,
Facebook and Linkedin sessions in a wireless network environment?
Andr/DrSheep-A is the Android equivalent of the tool.”
Sophos does have a free anti-malware program for Android users. Whether you choose it or another company’s, the time has definitely come to get protection.