It seems like we keep hearing about new versions of Android malware every other day and Norton says that isn’t an accident. The bad guys are going to be increasingly focused on the mobile space and Android should be one of the largest targets.
Norton has multiple products for the mobile space, so it does have a financial interest to get people concerned about Android malware. The company does have a wealth of experience in the security field, so I’d take its claims at face value.
Norton said Android is going to be an attractive target for bad guys because it fits the characteristics of a platform that will be targeted by cyber-criminals: it’s open, ubiquitous and monetizable. It’s open in the sense that there are plenty of documentation out there on the platform and it can be used to have apps modify it. If it’s not ubiquitous yet, it will be soon and it is increasingly being use for actions that can be monetized.
The security company said that we could see a rise in Android malware in multiple ways, including premium billing rates, spyware, search engine poisoning, adware, pay-per installs and more. We saw an example or how you an trojanize an app and it was a stunningly-simple process: You can save an app to your computer, run an off-the-shelf tool with a command line prompt that will decompile it, add the malicious code, adjust the manifest, recompile it and then you’re ready to submit your trojan app to the Android Market.
Google doesn’t really curate the Android Market, so this app could have the same icons as a legitimate app without much repercussion. Google has been good about killing apps once they’re discovered to be malicious but as we see a rise in legitimate third-party app stores like the Amazon App Store, consumers could be faced with more avenues for attack.
The issue gets even more clouded because of the permissions setup in Android, as some legitimate apps may need access to your personal information. Some seemingly-simple games may want access to your contacts list but that could be the basis for a great multi-player experience. If you add too many details about the permissions, you also risk people just glossing over all the permissions and hitting “accept.” This is a tough balancing act.
It makes sense for bad guys to target Android too, as the shift in computing to mobile devices will also mean that the bad guys will have to go to the devices and platforms where they can make money. To be fair, the number of threats against Android right now are a drop in the bucket (22 families) compared to what we see on the desktop and laptop side and most of the threats that we’ve seen so far has come from area like China, which has third-party app stores for its Android devices. Norton also said that this is very much in its infancy, as bad guys are experimenting with attacks because none are generating much revenue.
Norton believes that motivation of the cyber-criminals is very mature and it’s no wonder because the Android.FakePlayer attack netted the maker roughly $13 per download by posing as a movie player and using premium shortcodes in the background. That type of return on investment is going to make the bad guys drool at the thought of Android malware.
So, how can we be safe? It’s not going to just be as simple as having Norton’s product and you’ll be fine forever, as it will take the combined effort of the platform maker, app store provider and third-party security companies to try and keep our smartphones safe. It’s also not just going to be Norton taking its desktop products and porting them over, as mobile is a different animal entirely.