Mutating Trojans could pose a threat to Android users
From social networks to banks accounts, smartphones carry our most private and delicate information. For this very reason, security is one of the hottest topics in the Android ecosystem, andthe newest threat reported is marking the beginning of a new malicious era – mutating Trojans.
There are different opinions regarding mobile security. Some believe that it is not a significant issue, including a Google employee that went as far as to call mobile anti-virus companies “charlatans and scammers” that play with your fears for profit. Google has recently announced Bouncer, which has lowered malicious app downloads by 40%.
There is also those who believe it is not very relevant right now, but might feel differently in the near future. Hackers and virus programmers focus on market share. They target the OS that has the most users, hence the fact that most viruses developed are aimed towards Windows computers. Android is growing rapidly, and it is the most popular mobile operating system in the world (comScore reports almost 50% market share in the U.S.). Undoubtedly, security will become a bigger issue in the future.
The newest member to the Trojan family has just been reported by Symantec. It is called Android.Opfake, and it mutates every time it gets downloaded. This allows for the Trojan to bypass anti-virus detection, and according to Symantec, all of them are distributed by Russian websites. Vikram Thakur from Symantec had this to say:
As with malware that affects traditional computing devices, the level of sophistication of the polymorphism used can affect how easy or difficult the threat is to detect. More complicated polymorphism requires more intelligent countermeasures.
This Trojan is not as advanced yet, as only certain parts of the app are modified every time it gets downloaded (server side polymorphism). But future threats could be designed around local polymorphism, which would modify the app’s very code every time it gets executed.
It would be harder to for any anti-virus app to detect it, and such companies would need to exercise more complicated processes in order to stop them. After attending a presentation from avast! Free Mobile Security, I learned that their app works differently, compared to many other security applications. Their system is not a simple black-list. Rather, it actually looks at the coding within the analyzed applications. Such practices could be a better option for the future of morphing Trojans. Here’s some sound advice from Tim Armstrong, a malware researcher at Kasperky Lab:
If antivirus vendors place their detection on the executable and non-changing sections, all files would be successfully detected. However, if the Trojan’s executable code were also polymorphic, the challenge of detecting it would be more difficult.
This, along with many other advancements in malicious apps, should keep Android users on their toes. The future for the little green robot looks very bright, but also more dangerous. So what should you as a user do to protect yourself from these Trojans? Well, make sure to stick to good practices – only use trusted application stores, read reviews, and take a look at the ratings. Be a careful consumer, and things should be fine for now. But we may soon have the necessity to download anti-virus apps. Right now, they are only an extra layer of protections, and are mostly used for their anti-theft or loss features.