Threat analysis for Android malware
Bitdefender published its August 2012 Android malware threats report. While in August the percentage of adware-bundled apps dropped to 55.15 per cent, from July’s 77.34 per cent, June kick-started what would later be discovered to be an avalanche of adware.
Some threats that used to dominate the top ten have faded out, placing Android.Trojan.FakeDoc.A fifth instead of its usual pole position. Dropping 10.46 per cent from July and 18.35 per cent from June, “Battery Doctor” clocked a percentage of only 4.32 in August.
Android.Trojan.GingerMaster.AU managed to place first this August, with a 13.78 per cent infection rate. The malware uses an exploit against Android 2.3 (known as Gingerbread) and comes bundled with multiple apps that attract unsuspecting users. As soon as the infected device is rebooted, it launches in the background and broadcasts device IDs, phone numbers and more by uploading them to a command and control server.
August’s second place is occupied by Android.Trojan.FakeApp.C, which can display advertisements and collect personal information at the same time. The main infection vector was through highly popular games such as Asphalt6, Bejeweled, Doodle Jump and others. Although this is its first appearance, the Trojan will probably remain in Bitdefender’s top 10 for at least a couple of months.
Hacktools rarely made it to third place, but Android.Hacktool.Pentr.B brings forth the wind of change with a 5.89 per cent infection rate in August. The hacktool enables penetration testing on routers, which means that Android users appear to be interested in such features on their handset.
“Rage Against The Cage” was second in both June and July, but placed fourth this August. With only a 5.16 per cent infection rate, compared to 10.58 per cent in June and 14.3 per cent in July, Android.Exploit.RATC.A still hangs on as the dominant rooting solution for Android devices.
The second rooting tool present all through the summer, Android.Exploit.GingerBreak.A, registered the same fall in infection rate, clocking in at only 3.16 per cent. After 5.57 per cent in June and 6.38 per cent in July, the exploit reached an all-time low at the end of the summer. It is unlikely to completely disappear from Bitdefender’s chart any time soon as some users will always feel the need to root their Android devices.
Android.Trojan.SMSSend.Q is yet another Android Trojan that’s part of the same SMSSend family. Charging users by covertly sending SMS messages to premium rate numbers is still its main function and it has been present in the Bitdefender malware chart throughout the summer. With a 1.95 per cent infection rate, compared to 2.81 per cent in June and 2.85 per cent in July, it may level off around these figures.
A new addition to the chart is Android.Monitor.Sheriff.A, which monitors a user’s whereabouts by tracking GPS coordinates. With a relatively low infection rate (1.82 per cent), it will probably be seen bundled with other apps or malware, as Bitdefender is confident that malware coders will find good use in knowing where users are at all times.
The rise and fall of Android.Trojan.FakeInst.AV in the past three months has led Bitdefender to conclude that malware coders are still interested in generating revenue by using Trojans that send SMS messages to premium-rate numbers. At an all-time low of 1.80 per cent, compared to June (1.96 per cent) and July (3.16 per cent), it will probably wither away from the Bitdefender chart this autumn.
At 10th place within the Bitdefender chart is Android.Monitor.MobileTrack.A, which behaves in a similar way to Android.Monitor.Sheriff.A except that it is delivered through different packages. With the same infection rate of 1.80 per cent as Android.Trojan.FakeInst.AV, it remains to be seen next month which of the two will exit the chart.
After a summer vacation, Android malware coders will probably cook up something new this autumn.