Have you ever accessed your bank account through your Android device? There is a virus that can harvest your banking credentials from your phone and forward it to cyber-criminals in a neatly formatted email. The FakePlayer virus will hijack your phone's SMS functionality and send text messages to expensive premium-rate phone numbers. NickiSpy listens to your discussions with friends and family and forwards them to a remote server. British Telecom once said that most Android phones are infected with some sort of malware. But how does someone get these viruses?
=>Repackaging
Over 80 percent of Android malware piggybacks on legitimate apps. A malware author downloads an app, dissects it and inserts malicious code. He then reassembles the app and uploads it to the Google appstore or an alternative market. After you download the app, the virus detaches from the legitimate program and wreaks havoc on your phone. Potentially repackaged apps include popular game apps, paid apps and utility programs.
Malware authors will hide their repackaged viruses by changing the names of the class-files. The versatile DroidKingFu virus uses the name "com.google.update" when running on an infected phone. This kind of naming scheme makes it difficult to find malware on your Android; when are you going to think "com.google.update" is dangerous?
=>Update Attack
Repackaging usually shoves the entire malicious payload into the legitimate program. This is very easy to detect, especially via Google's Bouncer scanner. Leveraging an update attack, however, makes it extremely difficult to detect malware infections. The trick is in fragmentation; the repackaged program only contains a benign stub that contains no malicious code. Once the program is installed on a user's phone, however, the stub will hijack Android's update screen and tell the user that a new update is available. If the user accepts, then the stub will pull down the real malware and infect the phone. This technique is exceptionally powerful because it circumvents scanners like Google's Bouncer, which allows viruses leveraging update attacks to add themselves to Google's appstore.
=>Drive-by Download
The third method Android malware utilizes is the drive-by download. Drive-by downloads do not leverage actual browser exploits. Instead, they attempt to convince the user to download them via social engineering. This family of malware attempts to entice the user with offers of "feature-abundant" or "fascinating" apps. Normally this is conducted via website redirection, where the user is redirected to an advertisement that boasts the features of some fake app. If the user downloads the app then the malware will install alongside it and implant deep within the operating system. An example is the Spitmo app, a variant of the Zeus banking trojan. This app recommends the user install a brand-new app that can better protect banking activities. If the user installs the app, the Spitmo trojan will proceed to dig up the user's banking credentials and send them to a remote server.
Android malware has many ways of infiltrating you phone. It is recommended that you install two separate antivirus programs and perform scans regularly. Another precaution is to be very selective with your installations. Never install an app that comes from an advertisement. Unless you have done sufficient research on the app, do not install it. The security of your Android phone is in your hands.
Thanks & Regards,
"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@yahoo.com
send2raheel@engineer.com
sirraheel@gmail.com
send2raheel (skype id)
My Blog Spot
http://raheel-mydreamz.blogspot.com
No comments:
Post a Comment