Android 2012

December 10, 2012

Android devices are the most prevalent smartphones on the market, and the most maligned. Hackers had a banner year in 2012 targeting the mobile platform with a variety of malware and attacks that netted them profit and unprecedented access to mobile devices.


Not only were attackers using commodity SMS Trojans to rack up premium charges for a nice profit, but they expanded their reach with a slew of malicious applications, as well as sophisticated malware that garnered them root access to devices with alarming regularity.

Researchers at Kaspersky Lab said that 99 percent of mobile malware detected every month was written for the Android platform, peaking in the month of May with close to 7,000 unique attacks detected.

The most prevalent by far was the Opfake Trojan, which often infected users who thought they were downloading a legitimate application. The malware steals money from victims by sending SMS messages to premium numbers and also collects data about the device for potential later abuse. Most of these types of attacks target users in Russia, Kaspersky said, because it is a popular program among Russian malware writers and provides them with a dependable source of income.

Opfake and Fakeinst, which is also a premium SMS dialer, accounted for almost 50 percent of all Android malware in 2012, Kaspersky said. The next most prevalent was Plangton, which is also spread via malicious applications to display advertisements and provide an attacker with remote access to the device. This kind of root access Trojan, Kaspersky said, was the third most prevalent type of Android malware to surface in 2012.

The core security issue, however, could be traced to the lax security of the Google Play marketplace, especially in comparison to the Apple iOS App Store. Applications can be submitted to the store and, once they pass an initial security check, can be modified without additional checks. This enables hackers to modify code on the fly. Google’s Bouncer antimalware scanner, too, has failed to make a significant dent in the number of malicious apps in circulation.

In 2012, we also saw the first mobile botnets. The Foncy IRC bot worked hand-in-hand with a similarly named SMS Trojan. The malware dropped a root exploit for privilege escalation, giving the IRC bot remote control over a smartphone via shell commands, Kaspersky said. Kaspersky said the malware’s Chinese authors built a botnet reaching up to 30,000 devices that ran profitable SMS schemes.

Also in 2012, mobile malware was used in targeted attacks, in particular the Zitmo Trojan. Zitmo, or Zeus in the mobile, is an offshoot of the Zeus banking malware and was used against Android and BlackBerry devices in hacks that would commit fraud against consumer and corporate banking accounts, moving funds to a mule account without the victim’s knowledge.

Espionage was also carried out over mobile devices in 2012, for the first time with any prevalence. Attackers used a variety of backdoors and spyware against corporate users that logged location data, tracked the device’s position, made surreptitious calls and sent data to remote servers.

Surely more of the same is in store for 2013 as Android’s market share increases and malware writers find more success infecting phones and turning a quick profit.