Android Drive-By Malware

The Final Frontier

At last, drive-by malware arrives on Android.

Since 2008, users of the Android mobile operating system have enjoyed relatively little scandal when it came to the security and stability of their devices, with the exception of a few Gingerbread exploits. However, as of 2012, the cybersecurity giant Symantec announced that they had discovered one of the first malicious drive-by applications written specifically for Android.

Drive-by delivery

What makes this type of malware so dangerous is that it disguises itself as a legitimate security application or update, potentially tricking older or less experienced users into installing it. How it accomplishes this is that when a user visits an infected website, a notification of some sort will alert the user than their device is “infected” with numerous types of malware and that their “app” will remove said infections. In some cases, no notification is given, and the malicious “update” file is downloaded automatically.

Everything to lose

Once the malicious file has been installed on the end device, a backdoor into your device is opened– ultimately putting it under a hacker’s control. These types of files, or trojans, have plagued Windows users for the better part of two decades, but have only recently made an appearance on mobile devices. The primary use for a trojan horse is to allow direct and uninhibited remote access to your computer or device by an unauthorized user. Once access has been granted, they can use your computer as a proxy (a computer network service that allows clients to make indirect network connections to other network services), steal sensitive data such as passwords and credit card numbers, or to simply spread the trojan and infect hundreds of thousands of other devices, allowing even more power and control to hackers.

“The best offense is a good defense”

Thankfully, the ultimate safeguard against malicious apps on Android is you. Any application on Android, both from the Android Market or from third-party websites or marketplaces, must be installed by personally by you, thus preventing any unauthorized access to your device. This levels the playing field slightly in favor of the user. The best course of action when it comes to installing mobile apps is that if you aren’t personally seeking a specific application to download, but one is automatically downloaded for you, then you should decline to install it and immediately remove any APK files related to the application in question from your device. And when downloading applications from the official Market, always be sure to check reviews and ratings left by other users. If others complain that the app does not function as it should, or does nothing at all, then it is most likely malware of some sort. Most successful attacks are direct results of social engineering as it requires the target to be tricked or manipulated due to ignorance so stay informed, and stay safe!

Top image by openfly