Android malware spreads via website-injection campaigns

The Android platform continues to be a popular playground for malicious activity, with hijacked websites now being found that spread malware, researchers said Thursday.

According to a Symantec blog post, Android devices are being infected with a trojan thanks to website-injection campaigns that prompt an automatic download of a fake Android security update.

Although there is speculation that the malware is being delivered through drive-by-download attacks, which infect a victim's computer or device simply through a visit to an infected web page, the threat does not fit the classic definition because users have to grant permission before installing the phony security update, Liam O Murchu, director of operations at Symantec's Security Response Center, told SCMagazine.com on Thursday.

“This is more of a social engineering attack,” he said. “At the end of the day, the user still needs to see a message and decide if it's something that they want to install or not.”

Once infected, a device may be used as a proxy, allowing attackers to route traffic through it, O Murchu said. Trojans that have invaded mobile devices typically have been used for financial gain or to access personal data. However, researchers aren't sure that is the case here.

“Maybe they have a scheme in mind that they want to use these phones for at a later point,” he said.

While this is a new threat to Android users, the tactics used by the authors of the malware are not, Dan Guido, CEO of New York-based security firm Trail of Bits, said in an email to SCMagazine.com.

“No surprises here,” he said. “In this case, they are just reusing someone else's website instead of running it off their own. If anything, this proves they are even lazier than ever before.”

There is currently no information regarding infection numbers, but there have been close to 1,000 compromised sites that are causing the trojan to spread, O Murchu said.

So far, Android's mobile operating system is the platform of choice for criminal activity, he added. This is aggravated by marketplaces outside of the official Android app store, Google Play, which allow users to install applications that host malicious code.

“That was how a majority of the threats we saw last year were being distributed through Android,” O Murchu said.

Juniper's 2011 security report found that Android malware jumped 3,325 percent compared to 2010.
