Android malware spreads via website-injection campaigns

The Android platform continues to be a popular playground for malicious activity, with hijacked websites now being found that spread malware, researchers said Thursday.

According to a Symantec blog post, Android devices are being infected with a trojan thanks to website-injection campaigns that prompt an automatic download of a fake Android security update.

Although there is speculation that the malware is being delivered through drive-by-download attacks, which infect a victim's computer or device simply through a visit to an infected web page, the threat does not fit the classic definition, since users have to grant permission before installing the phony security update, Liam O Murchu, director of operations at Symantec's Security Response Center, told on Thursday.

“This is more of a social engineering attack,” he said. “At the end of the day, the user still needs to see a message and decide if it's something that they want to install or not.”

Once infected, a device may be used as a proxy, allowing attackers to route traffic through it, O Murchu said. Trojans that have invaded mobile devices typically have been used for financial gain or to access personal data. However, researchers aren't sure that is the case here.

“Maybe they have a scheme in mind that they want to use these phones for at a later point,” he said.

While this is a new threat to Android users, the tactics used by the authors of the malware are not, Dan Guido, CEO of New York-based security firm Trail of Bits, said in an email to

“No surprises here,” he said. “In this case, they are just reusing someone else's website instead of running it off their own. If anything, this proves they are even lazier than ever before.”

There is currently no information regarding infection numbers, but there have been close to 1,000 compromised sites that are causing the trojan to spread, O Murchu said.

So far, Android's mobile operating system is the platform of choice for criminal activity, he added. This is aggravated by marketplaces outside of the official Android app store, Google Play, allowing users to install applications that host malicious code.

“That was how a majority of the threats we saw last year were being distributed through Android,” O Murchu said.

Juniper's 2011 security report found that Android malware jumped 3,325 percent compared to 2010.
