Cybercriminals are increasing their focus on Android-based smartphones given the relative openness of the platform, especially when combined with effective social engineering tactics.
That's according to security vendor AVG, which recently released its Threat Report for the second quarter of 2012.
The Android platform represents approximately 59 percent of the global market and has been heavily targeted by malware authors, particularly from China and neighboring markets, according to the report.
The second quarter of this year witnessed the introduction of the first Android bootkit, "DKFbootkit," which masquerades as a fake version of a legitimate application and damages the smartphone’s Linux kernel code by replacing it with malicious code.
The key, according to AVG, is to trick users into approving the installation of the malware, thereby enabling it to adjust the boot sequence and fully engage when the device is turned on. Such an attack converts the device into a zombie that is fully under the cybercriminal’s control.
"Hackers are getting much better with social engineering methods," explained Larry Bridwell, global security strategist at AVG.
"And also, we're seeing the use of third-party app stores as a venue for spreading malware, particularly in the Asian markets. We are also seeing mobile exploits beginning to grow, especially on the Android because it tends to be more open."
For example, a Microsoft Patch Tuesday security bulletin closed the temporary window for a Trojan horse email attack against China, Japan, South Korea, Taiwan and the United States that was intended to send political messages regarding conditions in Tibet.
The email attachment also contains an embedded encrypted executable file that collects sensitive user information and is able to download additional malware.
"Some of this stuff comes packaged in very legitimate looking programs," added Bridwell. "Users should check to see whether it has a root access or super-user access, or access to your contacts, and decide whether the requested rights are warranted. And, always update your programs such as Adobe Reader and Adobe Acrobat because those seem to get hit even more frequently than the operating systems nowadays."
A typical example involves an Internet Explorer exploit in which users receive a message from a purported anti-virus website that claims to have found malware on their computer. They are encouraged to download the malware, and, once it is installed, they are prompted to pay a fee in order to remove the malware, which may or may not actually happen.
In another case, Rovio's Angry Birds game was offered free of charge from at least one rogue site. However, the free version, which included graphics very similar to the authentic version, also included malware that connected the device to the criminals' command and control servers and downloaded additional malware.
AVG's Bridwell recommends that users make sure they are familiar with the source of applications before downloading, and added that they should be cautious before clicking the "OK" button on any subsequent interfaces.
This article originally appeared at crn.com