Android malware spreads via website-injection campaigns


The Android platform continues to be a popular playground for malicious activity, with hijacked websites now being found that spread malware, researchers said Thursday.

According to a Symantec blog post, Android devices are being infected with a trojan thanks to website-injection campaigns that prompt an automatic download of a fake Android security update.

Although there is speculation that the malware is being delivered through drive-by-download attacks, which are transmitted to a victim's computer or device simply by visiting an infected web page, the threat does not fit the classic definition since users have to grant permission before the phony security update is installed, Liam O Murchu, director of operations at Symantec's Security Response Center, told SCMagazine.com on Thursday.

“This is more of a social engineering attack,” he said. “At the end of the day, the user still needs to see a message and decide if it's something that they want to install or not.”

Once infected, a device may be used as a proxy, allowing attackers to route traffic through it, O Murchu said. Trojans that have invaded mobile devices typically have been used for financial gain or to access personal data. However, researchers aren't sure that is the case here.

“Maybe they have a scheme in mind that they want to use these phones for at a later point,” he said.

While this is a new threat to Android users, the tactics used by the authors of the malware are not, Dan Guido, CEO of New York-based security firm Trail of Bits, said in an email to SCMagazine.com.

“No surprises here,” he said. “In this case, they are just reusing someone else's website instead of running it off their own. If anything, this proves they are even lazier than ever before.”

There is currently no information regarding infection numbers, but there have been close to 1,000 compromised sites that are causing the trojan to spread, O Murchu said.

So far, Android's mobile operating system is the platform of choice for criminal activity, he added. This is aggravated by marketplaces outside of the official Android app store, Google Play, allowing users to install applications that host malicious code.

“That was how a majority of the threats we saw last year were being distributed through Android,” O Murchu said.

Juniper's 2011 security report found that Android malware jumped 3,325 percent compared to 2010.
