Growing and Evolving Android Malware

Malware has continued to grow and evolve. For personal and business computer users, this is unnerving. However, progress continues to be made in the fight against malware.

Although malware has been around for 25-plus years, the first Android malware was discovered in the summer of 2010. Since that time, more than 300 families of malware have surfaced. In addition, the Android malware ecosystem has followed the path established a few years back by Windows malware.

As might be imagined, there are many challenges associated with malware. Today, malware is highly sophisticated and, therefore, extremely difficult to detect and remove. In addition, the scale of Android botnets has exploded. With these, Android devices can be controlled similarly to how botnets control personal computers.

Examples of Malware

A prime example of Android malware was discovered in August 2011. Called Ginmaster, the Trojan-type program injects itself into a number of authentic applications, which are distributed to Android users through third parties. By encrypting C&C instructions and URLs, implementing polymorphism methods, and using hidden class names, this particular malware became increasingly resistant in 2012. Soon, Ginmaster was relatively common in malware affecting Windows.

Just one year later, the developers had modified Ginmaster, giving it complex yet subtle encryption and obfuscation. As a result, this malware was more difficult to detect and reverse. Over 4,700 samples of the Ginmaster malware were detected just from February through April of 2013.

Another prime example of malware that has wreaked havoc on Android devices is Andr/GGSmart-A. Although it appears to have only affected people in China, this specific malware is designed to use centralized command and control for all infected devices. For instance, high-priced SMS messages are sent, with the money being charged to the owner of the Android device.

With this malware, premium SMS numbers, affiliate schemes, and content are not only changed but controlled. Because of the way Andr/GGSmart-A works, experts confirm it is very organized and poses a serious risk, more than any other Android malware in history.

Dating back 25 years is another form of malware known as ransomware. This form of malware blocks a device and files from being accessed. Once they are blocked, ransomware demands that the owner of the device pay a ransom. Initially, this malware affected only PCs, but in 2013, the first attack on an Android device was detected under a hybrid name of Android Defender.

Android Defender represents itself as a bogus antivirus/ransomware application: in order for access to the Android device to be restored, the user must pay $99. This malware shows up after logging onto the device, where it appears as a highly professional application that informs the user that Device Administrator privileges are needed.

However, if those privileges are granted, access to virtually all other applications is restricted. Another problem with Android Defender is that it will kill tasks, uninstall applications, make phone calls, change current settings, and even reset the device back to the original factory settings.

Another threat comes from Qadars or Andr/Spy-ABN, which is a bank account theft mechanism. This malware first hit smartphones in 2013. Using social engineering, it makes Man-in-the-Browser attacks against Windows, ultimately compromising Android devices and leading to theft using the smartphone. Fortunately, attacks by this malware are minimal, but it too is beginning to spread to Western countries.

The most widely spread malware is known as Andr/BBridge-A, another Trojan-like threat. In this case, privilege escalation is exploited so other malicious applications can be installed on an Android device. There are multiple sub-names of this malware, which started to surface in 2012.

Sadly, hackers have the ability to profit from Android devices, working illegally behind the scenes to capture information, behaviors, and money.

Getting Protection

The most critical thing for any Android user to do is download genuine antivirus software. Although risk still exists from malware because of how aggressive it has become, a blocker will certainly provide the best protection. In addition, antivirus software must be updated regularly in order to continue to fight against criminals.