<p></p> <p>Google's Android smartphone platform has taken off like a rocket, winning more than half the global smartphone market share only three years after it was first introduced. But hitching a ride on that rocket are malware writers, who've been having a grand time exploiting the open-source, lightly supervised platform, especially in the past year.</p> <p>In fact, there was a 472 percent jump in Android malware from July 2011 to Nov. 10, 2011, <a href="" target="_blank">according to the routing-hardware maker Juniper Networks.</a> Android attackers spent the year becoming much more sophisticated about the malware they created.</p> <p>Android's open model means anyone can create an app, and apps can be installed from anywhere. But this has created an ideal delivery model for cybercriminals, who inject Trojan horses (malware hidden inside otherwise benign software) into legitimate-looking apps and put them on the open market, often as free downloads.</p> <p>Because the apps are installed by the user, they bypass Android's strong built-in anti-virus protections. It's been said that Android doesn't have a virus problem, but it definitely does have a Trojan problem.</p> <p>In the early spring of last year, Juniper researchers said they began seeing a quantum change in Android malware. New varieties appeared that took advantage of several Android vulnerabilities, some of which let the malware gain root access on mobile devices and then install additional malware packages.</p> <p>"Today, just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90 percent of Android devices being carried around today," said a Juniper report. 
"Attackers know this, and they're using it to gain privilege escalation on the device in order to gain access to data and services that wouldn't otherwise be available."</p> <p>The explosion in Android malware in 2011 was so recent that most of the following eight major Android Trojans, though contained, are still lurking around.</p> <p>"All of these are still in the wild in some places," said Tim Armstrong, Android malware researcher at anti-virus firm Kaspersky Lab. "The thing is when one pops up, we find it, we write about it and it sort of disappears."</p> <p>If you have an Android phone, put <a href="">anti-virus software</a> on it immediately, and review the permissions each app asks for before you install it.</p> <p></p>


<p>The DroidDream Trojan, <a alt="((CONLINK|2161|discovered%20in%20early%20March))" href="">discovered in early March</a>, was significant because it was found hiding in apps in Google's official Android Market, Armstrong said.</p> <p>"People thought that they could open-endedly trust this application, because Google runs the Android Market and it has an air of security around it," he said.</p> <p>There were more than 50 different apps infected, created by three different developer accounts. The bad guys took legitimate apps created by other software developers, added malware and re-uploaded them to the Android Market with similar names.</p> <p>"Because of the nature of Android applications and how they're made, it's relatively easy to take them apart, add things to them and put them back together again," Armstrong said.</p> <p>DroidDream collected information from users such as the unique numbers carriers use to identify handsets and SIM cards, which cybercrooks then used to clone more SIM cards. Using a cloned SIM card, premium-rate SMS messages can be sent on your dime, money that the cybercriminals pocket.</p> <p>"If I had a clone of your SIM card, I could get access to your text messages. There are a lot of things that can happen," Armstrong said.</p> <p>Google pulled DroidDream from the Android Market after a couple of days and <a alt="((CONLINK|6673|remotely%20removed%20it))" href="">remotely removed it</a> from users' phones within a week.</p> <p>DroidDream also contained two root exploits that "escalated privileges" on a phone; that is, it gave itself the ability to change major parts of the operating system.</p> <p>"By definition, nobody has an administrator account on an Android phone," Armstrong said. "What these exploits did is gave the application administrator access so that it could access anything on the phone that it wanted to, so things that would normally be protected are wide open."</p> <p></p>


<p> The data-stealing DroidKungFu was found in the alternative Chinese application market in May. It exploited two vulnerabilities that enabled hackers to take complete control of Android devices and steal data.</p> <p>"The thing is, there is no review of the applications in [China], so you can upload anything," Armstrong said. "The biggest threats are things like DroidDream, and DroidKungFu is DroidDream with less requests. A lot of times the [malware] will ask for a bunch of permissions. But the later versions like DroidKungFu ask for less requests to avoid suspicion."</p> <p></p>


<p>Discovered in mid-October, Fakeneflic was a <a alt="((CONLINK|7239|malicious%20copy))" href="">malicious copy</a> of the popular Netflix Android app. It was an information thief that stole login credentials for real Netflix accounts.</p> <p>"The thing that's most common with Android malware, it either steals information, or it sends premium-rate SMS messages," Armstrong said. "This is category one, where it steals information. It's a password stealer. It came up with a Netflix splash screen that you would use to log in, then once you did it would crash and take your username and password. It was a first run to collect details."</p> <p></p>


<p> This Trojan, uncovered in June, was <a alt="((CONLINK|6928|automatically%20downloaded))" href="">automatically downloaded</a> to a phone when the user visited a malicious imitation of the Android Market website. It targeted American Android users and signed them up to a number of premium SMS subscription services without their consent. The unapproved charges went into the pockets of the hackers.</p> <p>"Android users are directed to install this Trojan after clicking on a malicious in-application advertisement, for instance, a fake battery saver," Armstrong said. "The GGTracker is significant as the delivery method has changed."</p> <p></p>


<p> Found in August, Nickispy was spyware that <a alt="((CONLINK|7076|stole%20location%20information))" href="">stole location information</a> from Android devices using GPS or Wi-Fi network reference. It also recorded phone calls and text messages, and sent all this private information to a remote site without the user's knowledge.</p> <p>Some Chinese app stores openly marketed it as an adultery tracker for suspicious spouses, but the personal information transmitted was also valuable to identity thieves who embedded it as a Trojan in corrupted apps, including a version of the official Google+ app.</p> <p></p>


<p> Notorious for years as a PC-based "banking Trojan" that intercepts online sessions between bank customers and their accounts, ZeuS <a alt="((CONLINK|6976|spread%20to%20Android%20devices))" href="">spread to Android devices</a> in July.</p> <p>"This is the scariest out there," Armstrong said.</p> <p>Disguised as a security application, the Android variant of ZeuS intercepts the one-time-use passcodes that banks text-message to clients as an extra login security feature. It forwards the texted passcodes to a remote Web server, from which the cybercriminals can use them to drain the victims' accounts.</p> <p></p>


<p> Discovered in early October by the security firm Trend Micro, this Trojan can <a alt="((CONLINK|7222|access%20stored%20information))" href="">access stored information</a> on users' devices as well as make calls, restart apps and send and receive text messages. It was found embedded in an e-book reader app available for download in a third-party Chinese Android app store.</p> <p>Armstrong said the Anserver Trojan's sophistication is remarkable.</p> <p>"It is designed to make analysis by researchers difficult by containing code obfuscation and signature verification," he said. "It's also able to detect and remove some anti-virus applications. It's even able to collect commands from encrypted blog posts. This shows a level of design complexity not often seen in mobile malware, and demonstrates a disturbing development."</p> <p></p>


<p> Detected in November by Kaspersky Lab, Foncy has been found <a alt="((CONLINK|7351|hiding%20inside%20pirated%20versions))" href="">hiding inside pirated versions</a> of SuiConFo, a legitimate Android app that monitors SMS and data usage. After it's installed, Foncy begins a covert hijacking campaign that can wreak havoc on affected Android phones. It sends expensive texts, running up the victim's monthly bill in the process and profiting the cybercrooks. Foncy also causes Android phones to secretly receive text messages, which it blocks the user from seeing.</p> <p>"The Foncy Trojan is notable as it does not target Russian or Chinese smartphone users," Armstrong said. "Instead, it preys on a number of European countries, and even Canada. This is an SMS Trojan, the most common type of mobile malware, but the fact that the list of target countries is growing is a definite cause for concern."</p>

8 Android Trojans You Need to Watch Out For