The second half of 2011 has been an active one for cybercriminals, who have been increasingly looking for chances to set up new scams in the mobile device environment. According to recent Kaspersky Lab internal data, the Android platform has finally established itself as the most popular for mobile malicious programs, overtaking other platforms as well as “generic” Java malware. In September 2011 alone, the number of newly discovered malicious programs for Android-based devices increased by more than 30%. Running parallel to this is another clearly visible trend in mobile malware: more and more often, malicious mobile apps are targeting users’ personal data. In October 2011, the share of malicious Android apps trying to steal personal data went up to 34%. This trend is of course alarming, especially if we take into account that such malicious mobile programs sometimes show up on Android Market.
An example of a malicious app distributed through the official store is Trojan-Spy.AndroidOS.Antammi.b. This program, masquerading as a simple app for downloading ringtones, appeared on Android Market only to be removed after notification from Kaspersky Lab. The “cover” program is designed for users in Russia, who use it to send text messages to a paid service and receive the tunes they want in return. This activity is perfectly legitimate; however, the malicious payload runs in the background at the same time. Like traditional “desktop” malware, Antammi.b steals almost everything: contacts, texts, GPS coordinates and even photos. The activity log is then sent to the criminal behind the scam via a simple e-mail message, and the data is uploaded to a server.
The unrequited love-story being played out by the cybercriminal world and the Android platform is not surprising, given the platform’s leading market share, flexibility and openness, combined with lax control over its software distribution. As a result, Android-based malicious programs currently account for more than 46% of all mobile malware, and that share is growing rapidly. More worrying is the fact that, apart from stealing personal data, sending texts, and making calls to premium numbers, mobile malware is also targeting banking services, which often send one-time passwords and confirmation codes to mobile phones. A detailed analysis of one such malicious program, the so-called Zeus-in-the-Mobile, can be found at Securelist.com.