Security company ESET released a new report regarding the disturbingly high number of malware.
According to the report Trends for 2014: The Challenge of Internet Privacy, Android is the most widely used mobile platform with a market share of 79 percent, up from 2012’s 64.3 percent, and 2011’s 43.4 percent. Unfortunately, the popularity of Android is also its biggest downside as it makes it a prime target for malware.
ESET stated in the report that from January 2012 to October 2013, malicious codes for Android increased by 63 percent. Countries that showed greater growth in malware detection are Iran, China and Russia, but the firm noted that there is also an increase in malware detection in Latin American countries such as Peru which showed 150 percent increase in rate of detection, Ecuador with 142 percent, Bolivia with 114 percent, Paraguay with 94 percent, and Mexico with 90 percent.
New kinds of attacks
Aside from the increasing growth in malware detection, Android is also suffering from an increase in malware families, or a group of malicious codes which share some characteristics. In 2010, there were only three malware families targeting Android, that number has alarmingly jumped to 51 families in 2011, 63 families in 2012, and 79 families were reported until October 2013.
One of the most disturbing findings ESET unveiled in its report is that in 2013, there are new categories of Trojans for Android that were discovered. In the past, it was rare to find spyware or SMS Trojans, but last year, four new sub-categories of Trojans were discovered: Downloader Trojan, which tries to find other threats from Internet to subsequently install them in the device; Dropper Trojan, which installs other threats that the Trojan itself includes in its code; Clicker Trojan, which is intended to create traffic in a site or advertisement with the aim of artificially increasing the number of “clicks,” allowing the attacker to create a greater yield; and the most worrisome is the Bank Trojan, which specifically tries to steal information related to financial entities and banks.
Attackers are more cunning than ever – not only did the malware families rise, but malware version has also risen. Malware versions delivers some changes in the codes, which allows the attackers to bypass the security. Think of it like this – malware is deployed, the mobile platform releases a fix to get rid of it, the attacker makes some changes to bypass the fix so it can infect once again, then a fix is released, code is added, and so on. It’s a vicious cycle.
Though malware seems to be Android’s biggest problem, it’s not. Instead Android’s biggest problem could be a vulnerability rooted deep inside of the mobile OS.
The Master Key
According to Bluebox Labs findings, the vulnerability exists in almost all version of Android, from 1.6 to 4.2, and has been dubbed the “Master Key.” Every application has a unique key which is used to authenticate the app. Android prevents the installation of apps where the cryptographic signature is broken. Unfortunately, the Master Key vulnerability makes it easier for attackers to develop malicious codes that steal information and turn devices into zombies to camouflage as genuine apps. The vulnerability allows a cybercriminal to alter an application but leave the cryptographic key intact, allowing the malicious app to wreak havoc and not be detected by the system.
Bluebox Labs recommends the following to protect Android users:
- Device owners should be extra cautious in identifying the publisher of the app they want to download;
- Enterprises with BYOD implementations should use this news to prompt all users to update their devices, and to highlight the importance of keeping their devices updated; and
- IT should see this vulnerability as another driver to move beyond just device management to focus on deep device integrity checking and securing corporate data.