Latest Android Trojan Changes Shape to Evade Detection
CREDIT: Google/Creative Commons
At the risk of sounding like a broken record, another new Android Trojan has been discovered in the wild. This one, however, could be a game-changer in the mobile malware world.
Malware researchers at the security vendor Symantec have found a polymorphic Trojan embedded in several malicious Android apps in the Russian Android Market. Identified as Android.Opfake, the Trojans, purporting to be free versions of popular Android apps, actually "morph themselves automatically in a few ways every time the threat is downloaded," Symantec wrote in a blog.
The modifications Android.Opfake makes to itself allow it to effectively evade detection by anti-virus software. Polymorphic Trojans targeting Windows PCs have existed "for quite some time," Symantec said, but this is the first instance of the same cybercrime tactic making its way into a Trojan specifically designed to infect smartphones.
A new pothole every day
Android.Opfake forces open the smartphone's Web browser and directs it to several websites, each hosting additional malware. The Trojan's code also contains text messages that, when downloaded, are automatically sent to premium-rate phone numbers, running up the customer's bill without his knowledge. This is nothing out of the ordinary; dozens of malicious Android apps execute the exact same functions.
Each time Android.Opfake is downloaded, however, the text message changes, producing a unique file that requires a whole new anti-virus signature to recognize and eliminate it.
Think of it this way: Every time you drive down your street, the gaping pothole moves across the road and halfway down the block. And every time a crew fills it in, it emerges new, and equally as dangerous.
Criminals move to mobile
The emergence of this type of Trojan with advanced characteristics does not surprise Ondrej Krehel, chief information security officer at Identity Theft 911. In an email, Krehel told SecurityNewsDaily, "Hacker techniques that are currently used on computer platforms will find their venues in the mobile world, which currently does not have the same level of security layers to deal with them."
Mobile users, in fact, are "most likely the best targets for hackers," Krehel added, "since they are not used to hackers' tricks."
As Tim Armstrong, malware researcher at Kaspersky Lab put it, it all comes down to money. "As the mobile market matures, we can expect to see malicious attempts to profit mature with it, both in the sophistication and diversity of those attempts," Armstrong told SecurityNewsDaily in an email.
Not here ... yet
Symantec said all the malware distribution sites for the Trojan are in Russia, but the corrupt software packages are capable of sending fraudulent text messages in 29 other countries, including Ireland, France, Norway, Spain and the United Kingdom.
Despite the fact that's it's not targeting American Android customers yet, it doesn't mean U.S. users should feel invulnerable from this type shape-shifting threat.
"It's possible that any malicious campaign can target users in the U.S," Armstrong said. "Android users should be acutely aware of the cost of popularity. If you are going to use Android, you need to be aware of the ways to avoid malware and spyware, best practices, and software that can assist you."
The mobile battlefield
The mere presence of this advanced smartphone-targeting Trojan may force anti-virus vendors to pay closer attention to the mobile landscape, and to think of it as the battlefield of the future.
"The threat is real," Krehel told SecurityNewsDaily, "so AV vendors will compete" [to become leaders] in this new market."
Armstrong agreed. "We have to take the lessons we've learned on the desktop and apply them, as well as learn some new ones. We all have to remain vigilant and change with the landscape."