
Cybercriminals honing Android malware skills in Russia

Sophos says the criminals are like other entrepreneurs launching startups


The malware business growing around Google Android - now the leading smartphone operating system - is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.

Sophos and Symantec on Wednesday released their latest discoveries of Android malware written in Russian. While the language narrows the number of potential victims, the social-engineering tactics used to get Android users to install the malware are universal. The gang tracked by Sophos is using fake antivirus scanners, while Symantec is tracking cybercriminals using mobile websites to offer bogus versions of popular games.

Sophos says the criminals are like other entrepreneurs launching startups. They're starting in Russia, but have far greater ambitions. "I don't think we can say that they're necessarily using it as a testing ground - think of it more as a local business that as it grows may gain multinational ambitions," Graham Cluley, senior technology consultant at Sophos, said in an email interview on Wednesday.

While criminals today are writing consumer-focused apps, it's only a matter of time before the hackers go after corporate data, particularly if the number of people accessing employers' networks with personal devices continues to grow, experts say. Android is the leading smartphone OS.

In the first quarter, 56 percent of the smartphones sold ran Android, compared with 23 percent with Apple iOS, according to the latest figures from Gartner.

The cyber scam tracked by Sophos was reported this week by GFI Lab, which discovered links to the bogus antivirus software on Twitter. Sophos dug deeper and found that the .ru domains pointed to the same Internet protocol address hosted in Ukraine.

When visited, the Web pages serve an Android .apk file that offers an AV scan. If activated, the scan installs an app that uses an icon to trick the victim into believing it is from Russian security vendor Kaspersky Lab.

Instead of virus protection, the app sends expensive text messages to premium services that charge the Android user through their wireless providers. The malicious code also has the ability to download and install code from the internet.

Symantec's discovery involves the latest version of the Android.Opfake malware the vendor has been following for a while. In the past, the malware masqueraded as an installer for the Opera Web browser or a pornographic movie, and charged the user when either was downloaded.

The latest version is disguised as popular games made available through dummy sites that link back to a central back-end site that acts as a file generator or repository. Bogus versions of Fruit Ninja, SIMS 3, TempleRun and Angry Birds are used to disguise the malware.

Cluley expects these criminal enterprises to expand once the founders are confident they can scam people in other countries. "What makes money in Russia today, could be used in attacks against American users tomorrow," he said.

