News

Malware Targeting Android Phones Growing

• By William Jackson
• March 3, 2011

According to researchers at Symantec Corp., Google's Android operating system is increasingly becoming the target of malicious code.

The number of infections does not compare with those in the PC world, said Vikram Thakur, Symantec's principal security response manager, but the trend is worrisome.

"In the mobile world this is getting more and more common, partly based on the success of the Android platform," he said. "The numbers are going up from single digits to the thousands, and each of the infected people is possibly looking at a monetary loss."

Although the mobile platform does not lend itself to the kind of high-bandwidth exploitation common among PC-based botnets, such as spamming and denial-of-service attacks, the consumption of extra bandwidth by malware contacting and downloading software from command servers could result in higher bills, Thakur said. "These people could see a loss of hundreds of dollars on a monthly basis until it is cleaned up."

A representative Trojan threat being studied by Symantec is called Android.Pjapps, which introduces back doors on infected phones. It is delivered through malicious applications that mimic real ones and often provide the same functionality as the legitimate app. But when installed, it requests additional permissions, and when the phone is online it can connect with a command and control server to upload information about the infected device and receive instructions. It can send out text messages and receive or block messages, add URL bookmarks to the browser and direct a browser to a website. It also can install additional software.

The purpose of Android.Pjapps appears to be to build a botnet that can be controlled by a number of different servers, Symantec says.

The Pjapps Trojan is hosted on a Chinese Web site, and the majority of infections so far probably are in Asia, Thakur said. Android exploits are not yet a mature area. "The botnet was not functional when we received it," he said. But the malware was in place and ready to be exploited.

Users have the option in the Android operating system of restricting applications to those from authorized marketplaces, but Android does not follow the Apple model, which allows downloads only from the company's own app store.

"I don't believe Apple's model is perfect, but in this case it seems to be doing a better job of keeping malware off the phone," Thakur said. "Whether it will last or not, I don't know. In the past we've seen threats even on BlackBerrys, even though it was difficult to get it through the corporate platform."

Unlocking Apple's iPhone OS, called iOS jailbreaking, to get access to all features, can enable the downloading of additional applications to the phones, iPads, and iPod Touch devices, exposing them to malicious code.

With the growing popularity and power of mobile devices, "I don't think this is going away," Thakur said of the threat.