Android-based malware: the good, the bad and the ugly

Google keeps improving defences but Android fragmentation remains a problem

When it comes to mobile devices, it's well known that malware writers like to target Android. But a threat report published today by security firm F-Secure puts in perspective why Android malware attacks often flop and why Android itself is no pushover.

In a look back at 2013, the bi-annual report notes that there is "hugely disproportionate attention being directed at the Android platform," with 97% of the new malware threats related to all mobile operating systems targeted at it by the end of last year. However, F-Secure says Google is fighting back with security enhancements to Android. "Each new version released by the tech giant has included a number of security-related changes that help mitigate the effects of malware."

F-Secure points out that in Android 4.3 (Jelly Bean), "a prompt was introduced to verify activity when the Messaging app sends a large amount of text messages in a short time," as a way to combat SMS messaging fraud. There have been other improvements, but the overall situation with Android today is that security is extremely "variable" because of the "fragmented nature of the Android ecosystem between different device vendors."

This variation in vendor implementation "makes it basically impossible to ensure a uniform security level across all users," according to F-Secure. This means Android device users have to make their own decisions about device security, deciding what kind of security software to use or what apps to run.

According to F-Secure, the good news on Android is that unlike desktop-targeted malware, there is very little Android malware that targets actual vulnerabilities in the operating system. The most notable Android flaw found early last year was the so-called "Masterkey vulnerability" and a handful of programs later found on third-party app sites included an exploit for this vulnerability.

But there have been very few apps exploiting the Android operating system because so far the Android platform has had relatively few vulnerabilities. According to F-Secure, only seven vulnerabilities were publicly announced related to Android in 2013 while the Apple iOS platform saw 90 in the same time period.

F-Secure suggests that most malware authors at this point seem more inclined to simply find ways to trick the user into giving them access to the device rather than having to find and design complicated exploitation methods based on vulnerabilities. The Metasploit penetration-testing tool, for example, lists few exploits for the Android platform a hacker might use. But still, if someone wants to go to a lot of trouble, F-Secure points out they can buy attack code created by other people from sites such as Inj3ct0r.

The top three Android malware "families" are considered to be SMSSend, GinMaster and Fakeinst. The most common types are Trojans that rely on malicious additions injected into the packages of clean, legitimate programs, especially popular gaming and casino apps, which are then distributed in various app stores. According to F-Secure, these malicious apps often have "a new name reminiscent of the clean app." These malicious apps, typically tied into botnets, essentially represent a new twist on social engineering since they "take advantage of the user's overriding desire to install and use a popular app to gain the permissions needed to execute their malicious behavior." Most of the mobile threats seen in 2013 were financially motivated.

In its report, F-Secure identified the top 20 most popular apps in the Google Play Store and investigated the rate of "trojanization" of these apps, most of them popular games. The good news is that F-Secure found the least likely place that a user would encounter a trojanized app was in the Google Play Store, at a low 0.1% of the samples examined.

That's because Google Play Store is most likely to "remove nefarious applications, so malware encountered there has a short shelf life," F-Secure says. However, the Android user would be far more likely to find these trojanized apps in the large Android app marketplaces AnZhi, Mumayi, Baidu and eoeMarket, which mainly cater to the mainland Chinese user population.

The worst, though, apparently was a market called Android159, where a third of the samples examined turned out to be malware.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

