Mutating Trojans could pose a threat to Android users

Mutating Trojans could pose a threat to Android users


From social networks to banks accounts, smartphones carry our most private and delicate information. For this very reason, security is one of the hottest topics in the Android ecosystem, andthe newest threat reported is marking the beginning of a new malicious era – mutating Trojans.

There are different opinions regarding mobile security. Some believe that it is not a significant issue, including a Google employee that went as far as to call mobile anti-virus companies “charlatans and scammers” that play with your fears for profit. Google has recently announced Bouncer, which has lowered malicious app downloads by 40%.

There is also those who believe it is not very relevant right now, but might feel differently in the near future. Hackers and virus programmers focus on market share. They target the OS that has the most users, hence the fact that most viruses developed are aimed towards Windows computers. Android is growing rapidly, and it is the most popular mobile operating system in the world (comScore reports almost 50% market share in the U.S.). Undoubtedly, security will become a bigger issue in the future.

The newest member to the Trojan family has just been reported by Symantec. It is called Android.Opfake, and it mutates every time it gets downloaded. This allows for the Trojan to bypass anti-virus detection, and according to Symantec, all of them are distributed by Russian websites. Vikram Thakur from Symantec had this to say:

As with malware that affects traditional computing devices, the level of sophistication of the polymorphism used can affect how easy or difficult the threat is to detect. More complicated polymorphism requires more intelligent countermeasures.

This Trojan is not as advanced yet, as only certain parts of the app are modified every time it gets downloaded (server side polymorphism). But future threats could be designed around local polymorphism, which would modify the app’s very code every time it gets executed.

It would be harder to for any anti-virus app to detect it, and such companies would need to exercise more complicated processes in order to stop them. After attending a presentation from avast! Free Mobile Security, I learned that their app works differently, compared to many other security applications. Their system is not a simple black-list. Rather, it actually looks at the coding within the analyzed applications. Such practices could be a better option for the future of morphing Trojans. Here’s some sound advice from Tim Armstrong, a malware researcher at Kasperky Lab:

If antivirus vendors place their detection on the executable and non-changing sections, all files would be successfully detected. However, if the Trojan’s executable code were also polymorphic, the challenge of detecting it would be more difficult.

This, along with many other advancements in malicious apps, should keep Android users on their toes. The future for the little green robot looks very bright, but also more dangerous. So what should you as a user do to protect yourself from these Trojans? Well, make sure to stick to good practices – only use trusted application stores, read reviews, and take a look at the ratings. Be a careful consumer, and things should be fine for now. But we may soon have the necessity to download anti-virus apps. Right now, they are only an extra layer of protections, and are mostly used for their anti-theft or loss features.

Source TechWorld

About author

AndroidGuys 4639 posts

Founded on November 5, 2007, we've enjoyed bringing you the latest in Android news and rumors. Updated daily, we strive to deliver reviews, opinions, and updates on all things related to Android.

You might also like

News and Rumors

News Republic among first apps optimized for Google TV

Mobiles Republic has become one of the first developers to optimize their Android application around the updated Google TV experience.  Starting this week, those of you with Google TV devices

News and Rumors

Nexus One Dock Details Emerge

We just received an email from one of our readers who had a chance to play with the forthcoming Nexus One docks.  Based on his description, we’re in for a

News and Rumors

NBA Brings Exclusive, Streaming Coverage to Android Handsets

Those NBA fans left wanting more from the Game Time app released a few weeks ago will be happy to learn about their next title, Close Up: NBA Eastern Conference


  1. Zfwaeld Zfwaeld
    February 07, 18:45 Reply

    I’ve always said that its not the computer (or phone, or tablet) that gets a virus, it’s the user.
    No security/antivirus program is a substitute for common sense.

  2. Hansy
    February 08, 00:55 Reply

    should be aware of using mobile security.

  3. René De Groot
    February 08, 07:18 Reply

     Any system where an app can look, check and control the executed code of other apps is suspect. If a scanner can check other apps then viruses can use that same feature to do their nasty bussiness.

    It is better to have a system that is so locked down that virus scanners are impossible.

  4. Linuxfreak
    February 08, 08:25 Reply

    This piece is more norton/symantic trying create a unneeded market of Android users into thinking it is like Windoze and is prone to virus and the like. Well it is not! This is LINUX folks. We don’t use anti virus for our machines. Your wore out statement of the number of users determines a likely target is just dead wrong and you should know it!. Garbage code does not have write privilege in root and code cannot execute in a binary/no file extension,partitioned environment with out permission. The reason for these bs stories as of late is they see there 2 BILLION DOLLAR A YEAR business waning due to more Android/Linux based devices!
    Age of OS or number of users have no effect on it being compromised.

Leave a Reply