Malware specifically targeted to Android devices is a growing concern as researchers discover new variants of Android malware. Researchers have recently discovered a new variant of the Trojan DroidDream. Google had removed apps from the market that was affected by this Trojan. Google also found out malware that were designed to send premium SMS from the Android phone thus raising the phone bill of the user. Some malware that were discovered were data stealing Trojans that specifically were targeted to steal one time bank SMS pass codes. Google had removed apps that were targeted by malware from Android Market and also removed them other alternative apps market including markets in China.
Lookout, a mobile security firm was first to warn the Android users community about the new variants of the Trojan DroidDream which was named as DroidDream Light. Google had removed the malware from the Android market immediately after the reports. The malware was available for download only for short period and only 1,000-5000 downloads of the malware were recorded.
Lookout has also issued warning about four other applications in the Android market; QuickFallDown, BubbleBuster, Scientific Calculator and Best Compass and Leveler all published by Mobnet. Though these are legitimate apps, users may accidentally download a malware which has a similar name. For example, the legitimate filename of app Best Compass and Leveler may be “com.gb.compassleveler.” The malware with similar name may have a filename such as “com.gb.CompassLeveler”’ Lookout has also reported that variants of DroidDream found in late May and March do not depend on users actions for activation which means they do not required to be launched or started by user in order to execute its malicious code. The malware has the ability to modify the next connection time. The app can command and control the Trojan Distributor server that is used for communication with the malware. The malware can initiate download of other infected apps in the already infected Android device from the Trojan distributor server. The malware can also visit malicious web address and download other infected apps. It also has the capacity to update itself.
Researchers working at North Caroline State University have warned about new Android malware “HippoSMS”. The malware is mainly distributed from alternative apps markets in China. HippoSMS sends text messages to a premium rated number. This Android malware also blocks communication messages sent by telecom service provider that updates and informs the customer about additional charges.
Fortinet, a security firm has discovered a banking Trojan targeted towards Android devices. The malware presents itself as a banking activation application. Once installed it listens to all incoming text messages and forwards them to a remote Web server. Banks generally send one-time pass codes through text message which can be easily seized by this malware.
Android users can protect themselves from malware by exercising caution while downloading apps. They should download apps only from trusted portals or sources on Internet. They should also look for apps and developers rating before downloading the app.
