Viruses, backdoors, keyloggers and the vulnerability of Android

Posted: September 12, 2012 in Articles

In just three years, Google's once little-known mobile operating system has gone from an outsider to a leader among mobile OSes. But popularity brought more than well-known programmers: virus writers have flooded the Internet with malware, some of which can still be found even in the Google Play repository. Is this a sign that Android is thoroughly vulnerable, or just a consequence of its popularity?

The first malicious application for Android was written in June 2010 by researchers from Trustwave and presented at the DEF CON conference. In August of the same year, Kaspersky Lab found the first SMS Trojan for Android, called FakePlayer, which drained the victim’s account by sending short messages to premium numbers. The following year saw a boom in Android viruses of every stripe, and they became more complex and refined. By the end of 2011, analysts confirmed that 65% of mobile viruses targeted Android, and the overall growth in the number of viruses had already exceeded one hundred percent.

Since the first Android viruses appeared, almost every type of malicious application known to man has been created for the platform. SMS Trojans hold a prominent place among them as the simplest and most effective way to make money.

Later came full-fledged Trojan applications that gather confidential information and allow the smartphone to be controlled, along with:

– spyware, which performs essentially the same role but does so openly and by legal means;

– applications that display advertising through services like AirPush, which place advertisements in the Android notification area;

– bots, backdoors and polymorphic viruses that modify themselves during download.

This whole zoo has bred on low-quality sites and file-sharing services, and some specimens even make it into Google Play (formerly Android Market).

There are many ways to spread malicious mobile applications, from warez sites to the Google Play repository, where various viruses turn up from time to time. Let’s try to classify these channels.

  •  Warez sites. The vast majority of infections spread through warez sites. Their owners rarely pay attention to the quality of the software, so an attacker can easily get infected applications included in their catalogs. This approach is most common in China, but it is just as easy to pick up an infection on Russian-language or English-language sites.
  •  Phishing sites. Another popular way to spread viruses. The attacker creates a web page that copies a popular site and invites visitors to download the "official" application. A user who is not careful will easily fall into the trap and install a trojan on the smartphone. Variants that copy the interface of standard Android apps such as Play Market are also possible, but only the least experienced users are likely to fall for that.
  •  Advertising. Many virus writers spread their creations through advertising in other mobile applications. You have probably noticed that most of the mobile advertising market in Russia consists of messages like “Update Skype”, “1500 free applications for your Android”, “Optimize your Sensation” and so on. In most cases, clicking such an ad takes you to a web page that offers a virus disguised as a legitimate application for download.
  •  SMS mailings. A rather unusual and little-known way of spreading Android infections. It was first used by the Crusewind trojan, which, once installed on the system, sends everyone in the contact list an SMS suggesting they install a program from an included link. The scenario is then repeated several times.
  •  Google Play. Malware has been found several times in Google's app repository (formerly Android Market). This first happened in March 2011, when over the course of a few days 21 applications infected with the DroidDream trojan were found in the Market. They were disguised as well-known programs but were published from just three accounts. While Google's employees were gathering their thoughts, the total number of infected applications grew to 56, and 200,000 devices were under threat. Finally, thanks to Symantec, Samsung and Lookout, the Market was rid of the plague, and Google released a utility, Android Market Security Tool, that removes the trojan from a device. Six months later Symantec found 13 more applications in the Market infected with the trojan Android.Counterclank, which eventually forced Google to take action and launch Bouncer – a robot designed to detect and remove malicious applications from the Market.

CONCLUSIONS

Android is not as bad as it might seem at first glance. Like any other operating system, it has some security issues, but the growing wave of malware washing over it is due not to a poor security model but to the popularity that Android only began to gain in 2011.
