Android malware spreads via website-injection campaigns
The Android platform continues to be a popular playground for malicious activity, with hijacked websites now being found that spread malware, researchers said Thursday.
According to a Symantec blog post, Android devices are being infected with a trojan thanks to website-injection campaigns that prompt an automatic download of a fake Android security update.
Although there is speculation that the malware is being delivered through drive-by-download attacks, which infect a victim's computer or device when the user simply visits an infected web page, the threat does not fit the classic definition, since users have to grant permission before the phony security update is installed, Liam O Murchu, director of operations at Symantec's Security Response Center, told SCMagazine.com on Thursday.
“This is more of a social engineering attack,” he said. “At the end of the day, the user still needs to see a message and decide if it's something that they want to install or not.”
Once infected, a device may be used as a proxy, allowing attackers to route traffic through it, O Murchu said. Trojans that have invaded mobile devices typically have been used for financial gain or to access personal data. However, researchers aren't sure that is the case here.
“Maybe they have a scheme in mind that they want to use these phones for at a later point,” he said.
While this is a new threat to Android users, the tactics used by the authors of the malware are not, Dan Guido, CEO of New York-based security firm Trail of Bits, said in an email to SCMagazine.com.
“No surprises here,” he said. “In this case, they are just reusing someone else's website instead of running it off their own. If anything, this proves they are even lazier than ever before.”
There is currently no information regarding infection numbers, but there have been close to 1,000 compromised sites that are causing the trojan to spread, O Murchu said.
So far, Android's mobile operating system is the platform of choice for criminal activity, he added. This is aggravated by marketplaces outside of the official Android app store, Google Play, allowing users to install applications that host malicious code.
“That was how a majority of the threats we saw last year were being distributed through Android,” O Murchu said.
Juniper's 2011 security report found that Android malware jumped 3,325 percent compared to 2010.