Android Mobile Malware Report – June 2012
The first month of summer seems to have heated up some simmering issues in the world of Android malware. Some of the issues we’ve seen creeping up through spring time have entered full bloom in the past 30 days.
A quick look at May’s Mobile malware stats revealed a new detection (Android.Adware.Mulad.A) that slowly started to take the lead in our top 10 monthly malware chart.
The Android.Adware.Mulad.A is mainly used to generate income by injecting adsense code into legitimate free apps that are then repacked and uploaded to third-party marketplaces. While they are not malicious in nature, these apps are hijacked and used by others to generate income.
Our June report shows a significant increase in apps sporting Android.Adware.Mulad.A, raising a whopping 64.87% from the total of scanned Android applications. Because adware is not inherently malicious, we’ll leave it out of our top 10 threats and just emphasize that it has grown significantly from the 29.89% in May’s report.
From 23.37% to 22.67%, Android.Trojan.FakeDoc.A has dropped 0.7 percentage points from last month’s report, however it’s still significant enough to pose a threat. Posing as “Battery Doctor”, the app broadcasts emails from your Gmail account along with other personal information to an attacker-controlled server. Still having the Trojan in pole position leads us to believe users are still not aware of the dangers they expose themselves to when trying to optimize battery performance.
Device rooting has gone up from 8.05% last month to 10.58% this June. A 2.54 percentage points increase indicates that more users opt to root their devices, exposing themselves to obvious security issues. Android.Exploit.RATC.A occupies a steady second place in our chart, with the promise that “Rage Against the Cage” is still present.
An unexpected surprise comes from Android.Adware.Wallap.A, which was featured as seventh last month and now clocked in at number three. With an increase of 6.31 percentage points, it reached 8.35% in only 30 days. While adware is not malicious, it’s worth mentioning that we have two adware tools that are currently used.
Gingerbread-running devices are still rooted by means of Android.Exploit.GingerBreak.A, whose code paves the way for various malware infections. Although users are aware of the exploit, they willingly sign up for the process. Ranking fourth with 5.57%, the exploit spiked 0.93 percentage points since our May report.
Another tool used for rooting devices is Android.Exploit.Exploid.B which behaves in much the same way as Android.Exploit.GingerBreak.A. It has jumped from 2.59% to 4.22% in the last month, revealing that users don’t really fancy devices with factory settings.
Android.Trojan.SMSSend.G clocked in sixth this month with a 2.81% detection rate, closely followed by Android.Hacktool.Faceniff.A with 2.63%. It’s obvious that premium SMS messages and spoofing Wi-Fi networks for social networks’ passwords are not going away.
Ranking eighth, Android.Trojan.NotCompatible.A featured a 0.5 percentage points increase from May’s report, reaching 2.49%. In case you missed it, the Trojan is mostly used in drive-by attacks where websites are injected with a hidden frame, causing Android users to receive a fake notification update. Downloading the “Update.apk” file and installing the app which poses as “com.Security.Update”, will allow the Trojan to be installed, thus leading to a world of hurt.
Android.Hacktool.DroidSheep.A is a small tool that takes advantage of the security properties of Wi-Fi networks without encryption, so it can hijack personal emails or social networking accounts by stealing their passwords. With a 2.31% detection rate, it’s ranked ninth in our current report.
Last but not least, Android.Trojan.FakeInst.AV still tricks users into thinking they’re downloading a perfectly legitimate app so it can send premium SMS messages in the background. What makes it interesting is that the Trojan continuously changes its icon so it can avoid detection. Only 1.96% of our scanned apps revealed its presence, with a 0.52 percentage points increase compared to the previous month.
This report would have hopefully convinced many of you that installing a mobile security solution is a wise choice and that downloading legitimate Google Play apps is mandatory to stay safe. We’ll come back next month with a new report where we’ll continue our analysis on Android malware trends and statistics.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.