Malicious Android malware apps tackled by RiskRanker scanner
Unlike Google Bouncer which only scans the Play Store, NQ Mobile's new tool is adaptable for any online market for Android apps
By Antone Gonsalves | CSO | Published: 15:09, 04 July 2012
NQ Mobile is taking the fight against Android malware to online markets, where malicious apps are often disguised as legitimate products or secretly inserted in games, with its new RiskRanker tool.
Rather than attack the problem using traditional antivirus techniques, NQ has introduced a technology that Android app markets could use to continuously scan for malware.
RiskRanker is similar to Google Bouncer, an automated system that looks for known spyware and Trojan horses and also searches for behaviour that would indicate malware.
Related Articles on Techworld
RiskRanker does the same, but is adaptable for use in any Android market. Bouncer works only with the Google Play Store.
The NQ Mobile product analyses the code within apps to look for instructions that would indicate malicious intent, such as searching for and exploiting vulnerabilities within Android to gain root access in the smartphone.
"To the best of my knowledge, RiskRanker is one of the first in this space to identify new threats without using malware samples," Xuxian Jiang, a consultant for NQ Mobile who helped to lead the development team, said. Jiang is a full-time associate professor at North Carolina State University.
Hackers have exploited the limitations of traditional antivirus technology for years. The software uses signatures taken from samples in known malware in order to identify malicious apps. To get around this strategy, cybercriminals constantly rewrite malware, so that antivirus products can't recognise it.
NQ Mobile claims that in recent trials, RiskRanker scanned more than 100,000 apps from a variety of marketplaces and identified 718 instances of malware, including 322 that were previously unknown.
The new product will be sold to Android markets. In addition, NQ Mobile plans to partner with mobile application management vendors to include RiskRanker as a feature in their software consoles, Kim Titus, senior director of communications, said.
3LM, a wholly owned subsidiary of Motorola Mobility, plans to integrate RiskRanker in its products to provide scanning and blacklisting for its business customers.
NQ Mobile provides a free version of antivirus software for Android smartphones, as well as a premium version. The company also sells cloud-based malware detection called Enterprise Shield, which was introduced in June.
Pricing and general availability of RiskRanker were not disclosed. "NQ Mobile is currently exploring global opportunities," a spokesman said.