According to Trend Micro’s Q2 2013 Security Roundup Report, the number of malicious and high-risk Android apps surged from 509,000 in the first quarter of 2013 to 718,000 in the second quarter. This volume is expected to exceed one million by the end of 2013.
“In 2012, we saw how the number of mobile malware quickly grew to the same volume that PC malware took more than a decade to reach. In just six months, number of malicious high risk apps surged by more than 350,000. The majority of these malware were still packaged as spoofed or Trojanized versions of popular apps. Similar to the previous quarter, almost half of the mobile malware uncovered this quarter were designed to subscribe unwitting users to costly services. Almost 99% of Android devices were deemed vulnerable to android master key vulnerability,” said Dhanya Thakkar, Country Manager, India & SAARC, Trend Micro.
The vulnerability allows installed apps to be modified without users’ consent. It further raised concerns about mostly relying on scanning apps for protection, along with the fragmentation that exists in the Android ecosystem. OBAD (ANDROIDOS_OBAD.A) also exploited an Android vulnerability. Once installed, OBAD requests root and device administrator privileges, which allow it to take full control of an infected device. This routine rings similar to PC backdoors and rootkits.
OBAD repeatedly shows popup notifications to convince users to grant permissions. It also makes use of a new obfuscation technique that renders detection and cleanup more difficult to do. The FAKEBANK malware spotted this quarter, meanwhile, spoofs legitimate apps. It contains specific Android application package files (APKs), which it copies to a device’s Secure Digital (SD) card.
Using the APK files, the malware displays icons and a user interface that imitates legitimate banking apps. This technique is reminiscent of PC banking Trojans that monitor users’ browsing behaviors and spoofs banking sites.
Trend Micro also found more fake antivirus (FAKEAV) malware this quarter that even more closely resembled legitimate ones. Targeted attacks found their way to mobile devices as well in the form of the CHULI malware, which arrives as an attachment to spear-phishing emails.