The Next Generation Of Android Malware

Infected fake Angry Birds? Autotexting applications that spam dubious Eastern European pay-SMS lines? Here's how the latest Android malware sneaked past Google Play's security. (Hint: Dropbox.)

Android phones are ubiquitous. However, their ubiquity is creating amazing opportunities for bad guys. Over the past few months, criminals have come up with some ingenious Android-based trojans and malware... and more is on the way. The twist? The bulk of malware is in foreign markets, but the same tech used abroad is slowly making its way to the United States.

Chinese security firm NetQin released a report this week claiming that nearly 13 million phones worldwide are infected with malware. One of the biggest problems is Chinese “remote control” malware apps that spam users' phones with junk messages for dubious products. Malware on Android phones has become much more sophisticated in recent months; security firm GFI Labs recently discovered a trojan that burrows within Opera Mini, a popular (and real) Android web browser. Users who install the compromised version of Opera Mini also install a worm called OpFake. OpFake then automatically sends text messages to special pay-SMS lines that cost recipients money.

Most Android malware spotted in the past has been in either the European or Asian markets. Outside of the United States, these pay-SMS lines bill victims' phone accounts for each spam text message the malware sends. J.R. Smith, CEO of security firm AVG, told Fast Company that “Once the additional malware is installed, which has the privileges required to send premium-rate SMS messages, it can become an easy revenue stream for the malware writer. Earlier this year, a Latvian company called A1 Aggregator Limited created fake versions of popular games. When the apps were launched they would appear to crash, but would actually send three premium-rate SMS messages. Independent UK regulatory agency PhonepayPlus fined the company £50,000 for this attack, but this only covered the infection of UK-based devices and the infection was known to have been used across multiple other countries.”

For American Android users, the big problem is that trojan apps have infiltrated Google Play. Several weeks ago, Symantec discovered that more than 50,000 customers downloaded infected Grand Theft Auto and Super Mario Brothers games from Google Play. The games, which were made available on June 24 and not detected until July, spread their nefarious magic via Dropbox.

The malware, called Android.Dropdialer, used the game to download an infected component from a Dropbox folder. Once downloaded, the component repeatedly sent text messages to a dicey premium-rate phone number located somewhere in Eastern Europe. If a user downloaded the infected software, their only clue would be an installation screen noting that the game could send “phone calls” and utilize “services that cost you money.” Both of those messages are pretty clear-cut signs that a user has downloaded a trojan. However, there's one problem: Many users don't pay attention to warning screens when they install software.

Another compromised game also takes advantage of user naivete. A recent AVG report detailed how a fully functional malware version of Angry Birds Space made it onto several Chinese app stores. When users downloaded the compromised Angry Birds game, the malware let unknown third parties gain control of their phone and even use it in botnets. As AVG's Yuval Ben-Itzhak puts it, “the Trojan is fully functional which fools users who install it believing it is the real thing and will therefore be less likely to become aware of its malicious activities.”

At the same time, there's a lot of hysteria about Android malware. British telecom giant BT recently had to retract a controversial claim by the head of their global security practice, Jill Knesek, that one-third of all Android apps are infected with malware. ZDNet's Emil Protalinski notes that there's often a hazy distinction between spyware, adware, and malware; even legitimate applications can spam users with dubious ads and many poorly coded apps slow down users' phones to the point where they might as well be malware. Nonetheless, the fact remains that even with Google's excellent security practices, cybercriminals have discovered ways to infiltrate Google Play and Android malware reports are growing at an alarming rate.

Neal Ungerleider is the author of this article.
