Most mobile malicious software comes from third-party or unofficial markets. The 5033 malware samples analyzed by the labs between April 27 and June 27 of this year included the first ever mobile malware in the wild that uses the highly effective “drive-by download” method. If an Android device was configured to allow installations by unknown sources, this malware—called Trojan-Proxy:Android/NotCompatible.A—downloads and waits to be installed. If the user is tricked into installing the file by the software’s name, which includes “update,” “security” or both, the device becomes part of a bot network.
Websites aren’t the only new way to infect Android devices. Twitter, the mini-blogging phenomenon that has flourished on mobile phones, is being used as a method of infecting mobile devices. New malware variant Cawitt.A accesses a Twitter account to get a server address, which it maintains contact with. When it receives instructions, the malware sends out SMS messages to certain numbers, and forwards data on the device’s International Mobile Equipment Identity (IMEI) number, phone number, and Android ID to the server.
Of the variants discovered this quarter, 39 were profit-motivated. This matches a peak reached in the third quarter of last year and speaks to why mobile malware is advancing. Authors are finding new ways to use target users including attacks that target specific regions. In Spain for instance, there were several reports on banking-related attacks, which offer the promise of major monetary reward for the most sophisticated online criminals.
Have we reached a point in time when using an Android without mobile security software is as unthinkable as surfing the net on an unprotected PC?