According to the recently published Kaspersky Security Bulletin 2012, 99% of newly discovered mobile malicious programs target the Android platform, with a very small amount targeting Java- and Symbian-based smartphones. 2012 was the second year to show explosive growth in Android malware. From a negligible eight new unique malicious programs in January 2011, the average monthly discovery rate for new Android malware in 2011 went up to more than 800 samples. In 2012 Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012 the number of known malicious samples for Android increased more than eight times.
The majority of Android malware can be divided into three main groups according to functionality. “SMS Trojans” drain victims’ mobile accounts by sending SMS texts to premium-rate numbers. Backdoors provide unauthorized access to a smartphone, making it possible to install other malicious programs or steal personal data. Spyware targets the unauthorized collection of private data, such as address books and passwords (or even personal photos in some cases). In the first half of 2012, Backdoors, SMS Trojans and Spyware combined accounted for 51% of all newly discovered Android malware. In the Top Ten chart of Android malware that was blocked by Kaspersky Mobile Security or Kaspersky Tablet Security, SMS Trojans are the most widespread, with applications showing unwanted ads to users in second place. Less widespread but by far the most dangerous are mobile banking Trojans that often work in conjunction with their desktop counterparts, as was the case with Carberp-in-the-Mobile.
The Android platform allows software installation from untrusted sources, and one of the best ways to guarantee an infection is to install programs from suspicious websites. However, malware on the official Google Play application distribution platform is another trend that started in 2011 and continued in 2012, despite Google’s best efforts to reduce cybercriminal activity. One of the most unusual examples of mobile malware in 2012 was the “Find and Call” application that managed to sneak into the Google Play store as well as Apple’s application store.
Notable examples of mobile malware by country:
A. The United States of America – FakeRun “beg-ware”
The FakeRun Android Trojan, one of the most widespread in the United States but also prevalent in other countries of the world, does not steal users’ personal data. It belongs to a vast family of dummy applications that do nothing but display ads that earn money for their creator. One particular malicious program known as Trojan.AndroidOS.FakeRun.a that appeared in Google Play forced users to give it a five-star rating and share information about the app on their Facebook accounts before it would even start. The only thing that users received though was annoying ads.
B. Germany – Plangton Trojan
One of the most popular mobile Trojans in Europe is Trojan.AndroidOS.Plangton.a. To an inexperienced smartphone owner the only evidence of its existence are the ads that appear from time to time and some strange entries in the bookmarks section of the Android web browser. After infection the Trojan connects to a command server and modifies website favorites as well as opening a web page that exposes users to potential online scams.
C. Russia – Premium-rate SMS Trojans
Russia’s mobile Internet landscape is awash with SMS Trojans – malicious programs sending texts to premium-rate numbers that basically steals users’ money. For example, Trojan-SMS.AndroidOS.Opfake.bo disguises itself as an interface skin, but in fact subscribes the user to costly “premium” content.