Android Mobile Malware Report – August 2012
We’ve seen our share of malware, adware and other interesting Android threats this summer. With autumn upon us, it’s time to recap the sizzling highlights that plagued our top 10 Android mobile malware summer charts.
Although we didn’t start to break down adware until July, it’s worth mentioning that June kick started what we would later discover to be an avalanche of adware. In July, 77.34% of the total Android malware detections were adware-bundled apps, while in August the percentage dropped to 55.17%. We did predict adware would plateau after an abrupt spike. This could be the first step towards that.
Some threats that used to dominate out top 10 have faded out, placing Android.Trojan.FakeDoc.A fifth instead of the usual pole position. Dropping 10.46 percentage points from July and 18.35 percentage points from June, “Battery Doctor” clocked a percentage of only 4.32% in August.
Android.Trojan.GingerMaster.AU managed to place first this August, with a 13.78% infection rate. The malware uses an exploit against Android 2.3 (known as Gingerbread) and comes bundled with multiple apps that attract unsuspecting users. As soon as the infected device is rebooted, it launches in background and broadcasts device ids, phone numbers and more by uploading them on a command and control server.
This August’s second place is occupied by Android.Trojan.FakeApp.C which can display advertisements and collect personal information at the same time. The main infection vector was through highly popular games such as Asphalt6, Bekeweled, Doodle Jump and others. Although this is its first appearance, the Trojan will probably remain in our top 10 for at least a couple of months.
Hacktools rarely made it to third place, but Android.Hacktool.Pentr.B brings forth the wind of change with a 5.89% infection rate in August. The hacktool enables penetration testing on routers, which means that Android users appear to be interested in such features on their handset.
“Rage Against The Cage” was second in both June and July, but placed fourth this August. With only a 5.16% infection rate, compared to 10.58% in June and 14.3% in July, Android.Exploit.RATC.A still hangs on as the dominant rooting solution for Android devices.
The second rooting tool present all through the summer, Android.Exploit.GingerBreak.A, registered the same fall in infection rate, clocking in only 3.16%. From 5.57% in June to 6.38% in July, the exploit reached an all-time low at the end of the summer. It’s unlikely to completely disappear from our chart any time soon as some users will always feel the need to root their Android devices.
Android.Trojan.SMSSend.Q is yet another Android Trojan that’s part of the same SMSSend family. Charging users by covertly sending SMS messages to premium rate numbers is still its main function and it has been present in our malware chart although the summer. With a 1.95% infection rate, compared to 2.81% in June and 2.85% in July, it just might be that it will level off around these figures.
A new addition to our chart is Android.Monitor.Sheriff.A, which monitors a user’s whereabouts by tracking GPS coordinates. With a relatively low infection rate (1.82%), we’ll probably see it bundled with other apps or malware, as we’re sure that malware coders will find good use in knowing where you are at all times.
The rise and fall of Android.Trojan.FakeInst.AV in the past three months leads us to conclude that malware coders are still interested in generating revenue by using Trojans that send SMS messages to premium-rated numbers. At an all-time low of 1.80%, compared to June (1.96%) and July (3.16%), this autumn it will probably wither away from our chart.
At 10th place in our chart is Android.Monitor.MobileTrack.A which behaves in pretty much the same way as Android.Monitor.Sheriff.A except that it’s delivered through different packages. With the same infection rate of 1.80% as Android.Trojan.FakeInst.AV, we’ll have to wait until next month to see which of the two will be kicked out of the chart.
After a summer vacation, Android malware coders will probably cook up something new this autumn. To stay safe, we strongly encourage users to install mobile security software for their Android devices and carefully read app permissions before installing anything.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.