Android malware is continuing to cause problems for end users with huge amounts of fraud going on, even if we haven’t seen massive outbreaks similar to those affecting PCs, security experts warned today.
Of all Android malware seen in the first half of 2013, 77 percent was profit-motivated, according to F-Secure’s Threat Report released today.
The Stels malware has been one of the most serious fraud threats affecting Android, emerging in late 2012 to steal mobile Transaction Authentication Numbers (mTANs) for banking logins sent over SMS.
F-Secure security advisor Sean Sullivan told TechWeekEurope Stels attacks were originally carried out by one person, who had collected thousands of bots installed on Android devices. “We believe Stels bot is now in the hands of more professional people,” he told TechWeek.
It’s likely there are several authors running different versions of Stels for their own botnet campaigns, the F-Secure report read. The malware has also been seen installing additional software and looking over victims’ phone records.
The Stels botnet operator has added functionality to their malicious network in recent months, including a backup for command and control infrastructure. When they lost control of a C&C domain droiddad.net in May, the bots were coded to report back to a Russian microblogging site, Juick. This meant the operator could direct the bots to a new C&C address.
The BadNews malware is also a cause for concern, F-Secure said, since variants have been found on the official Google Play store, as well as on a variety of third-party run stores from the likes of Baidu and Opera. BadNews, which has been downloaded millions of times, sends device data back to the malware controllers and contacts premium-rate SMS services that earn the attackers money.
Generally, fraud at the mobile level, in particular on Android, is “rampant”, Sullivan added, pointing to the menace of compromised or irresponsible ad networks pushing out malware. “It’s a big chunk of stuff that is potentially unwanted, which is our legal way of saying stuff you really don’t want.”
When looking at all kinds of malicious Android application packages, F-Secure found that between March and July there were 175,000 new samples, totalling over 405,000.
Nearly all (96 percent) of new malware families or variants seen in the first half of 2013 targeted Android.
But, considering single strains of malware in the PC world have infected millions of machines in the past, mobile malware remains a less attractive proposition for cyber criminals.