Malware can affect mobile as well as desktop devices. But don’t be afraid: a bit of knowledge and the right precautions can protect you from threats like ransomware and sextortion scams.
What is Malware?
Malware is software with malicious intent. There are lots of different kinds, such as viruses, worms, trojans, spyware, adware and more.
The point of nearly all malware is to make money. – Sophos, “Exposing the Money Behind the Malware”
Depending on the type of malware, if you have it, the performance of your device could suffer, your personal information could be stolen, or intruders could gain access to your accounts. Those are just some of the potential consequences.
Ransomware: Holding Your Device Hostage
Svpeng is one type that combined ransomware and payment-card theft. For Russians (whom Svpeng was originally created to target), Svpeng would present a screen asking for credit card details every time a user went to Google Play, and would then send those details to the cybercriminal gang that created it.
For people in the US and UK it would present itself as the FBI, locking down the infected device for supposedly having child pornography on it. The user would then have to pay a ‘fine’ in order to have the device released.
Svpeng also checked to see if a banking app was installed, though it is unclear what it did with that information.
Russian police arrested Svpeng’s 25-year-old creator earlier in April, after he had stolen over 50 million rubles ($930,000) and infected over 350,000 Android devices.
Apps Installing Without Your Consent
Do you have any apps that let you open links inside them without having to go to your browser app? The component that renders the page for you in that situation is called WebView – and if you are one of the 950 million people who are running Android 4.3 Jelly Bean or lower, you need to know about this vulnerability.
Google has no plans to patch this vulnerability in Android 4.3 or lower. The best way to avoid being a target is to upgrade to the latest version of Android as soon as you can, or to avoid surfing through WebView by opening links in a secure browser like Chrome, Firefox, or Dolphin.
Your Phone Is Off… Right?
Android/PowerOffHijack is malware that hijacks the shutdown process of your device so that it appears to be off, but remains functional. That way it can secretly make calls, take pictures, and more – all without you having a clue.
Unlike the first type of malware discussed in this article, Android/PowerOffHijack affects Android 5.0 and higher, and requires root access to work.
As of February 18th, about 10,000 devices were infected. So, do you need to worry? Unless you download apps from Chinese app stores, you’re probably safe from this threat, at least.
Innocent Apps Hiding Dormant Malware
In February we learned that certain Android apps were giving their users more than they bargained for. A patience/solitaire game, an IQ test, and a history app all sound innocent enough, don’t they? And you would never suspect a problem if they behaved as intended for a month before doing anything dubious, would you? However, each of these apps, which were downloaded more than five million times, contained code that would trigger popups that, if clicked on, would lead to fake webpages, run illicit processes, or start unwanted app installs and downloads.
Filip Chytry of Avast Antivirus sheds light on the clue that tells you if you have this kind of malware:
Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie.
Google has suspended these apps from the Google Play Store, so as long as you don’t download them from another source, you’ll be okay.
Malware for Sextortion
Cybercriminals in South Korea have created fake social media profiles of attractive women to lure people into cybersex, whom they then blackmail by threatening to release the video on YouTube.
Here’s where the malware comes in. The perpetrators now pretend to experience audio problems with the chosen software (like Skype) and persuade their victim to download a chat app of their preference. In truth, the chat app steals the victim’s contacts and sends them to the blackmailer. The criminal uses the contact information to extort money more effectively by threatening to share the video with the victim’s close friends and family.
Android Installer Hijacking Vulnerability
Nearly 50% of all Android devices are at risk from a vulnerability called “Android Installer Hijacking”. Put simply, when you go to download a legitimate app, the installer can be hijacked, allowing an app you didn’t want to be installed in its place. This happens in the background while you are reviewing the permissions of the app you want to install, either by setting up the benign app to install malware later, or by masking the true permissions it requires.
This vulnerability affects third-party app stores, such as the Amazon App Store. Devices running Android 4.4 and higher are safe from this.
According to Palo Alto Networks, who discovered this vulnerability, if you have an affected device, the best way to avoid inadvertently downloading malware is by only installing apps from the Google Play Store.
Is Malware a Big Deal?
Alcatel-Lucent conducted a study that revealed 16 million mobile devices were hit with malware in 2014.
The Motive Security Labs malware report – H2 2014, which looked at all popular mobile device platforms, found that Android devices have caught up with Windows laptops in terms of malware attack numbers, with infection rates between Android and Windows devices split 50/50.
According to Verizon, mobile malware is hardly a problem at all. From Verizon’s 2015 Data Breach Investigations Report section titled, “I Got 99 Problems and Mobile Malware Isn’t Even 1% of Them”:
“An average of 0.03% of smartphones per week—out of tens of millions of mobile devices on the Verizon network—were infected with “higher-grade” malicious code.”
Verizon considers most of the malware infecting Android devices to be trivial “adnoyance-ware”, along with other types that waste resources but don’t cause significantly more harm. Think that means we don’t need to worry about malware on our mobile devices? Not at all.
We are not saying that we can ignore mobile devices; far from it. Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now.
So, you should still pay attention to the risks out there so that you stay safe. Malware may be a small problem today, but research from Lookout (a mobile security firm with an Android app that we reviewed previously) shows that mobile malware is on the rise, particularly ransomware.
When you hear that 97% of the mobile malware out there is on Android (as reported by F-Secure), it certainly sounds like Android must be insecure for that to be the case. Just remember that as long as you stick to apps from the official Google Play Store, you are unlikely to encounter any of the dangerous malware out there. As we’ve shown here, malware lives and thrives in unofficial app stores, which are largely unregulated.
I only side-load apps when I have a good reason to believe they are safe, such as if I know the developer, or if it’s a mirror of an official app hosted by a trustworthy source.
Malware-Scanning & Removal
Had Problems with Malware?
Although there are other threats to worry about that are more likely to affect us, it’s important not to let your guard down. Fortunately, not letting your guard down is pretty easy:
- Learn the signs of an Android malware infection.
- Stay informed (checking the MakeUseOf Security Matters section is a great start!).
- Don’t download anything unless you trust it completely, and trust the source completely.
Have you ever been plagued with malware on your smartphone? Do you worry about malware? And how do you feel about ‘adnoyance-ware’: nuisance, or security threat?