Mutating Trojans could pose a threat to Android users


From social networks to bank accounts, smartphones carry our most private and delicate information. For this very reason, security is one of the hottest topics in the Android ecosystem, and the newest threat reported is marking the beginning of a new malicious era – mutating Trojans.

There are different opinions regarding mobile security. Some believe that it is not a significant issue, including a Google employee who went as far as to call mobile anti-virus companies “charlatans and scammers” that play with your fears for profit. Google has recently announced Bouncer, which has lowered malicious app downloads by 40%.

There are also those who believe it is not very relevant right now, but might feel differently in the near future. Hackers and virus programmers focus on market share. They target the OS that has the most users, which is why most viruses are aimed at Windows computers. Android is growing rapidly, and it is the most popular mobile operating system in the world (comScore reports almost 50% market share in the U.S.). Undoubtedly, security will become a bigger issue in the future.

The newest member of the Trojan family has just been reported by Symantec. It is called Android.Opfake, and it mutates every time it gets downloaded. This allows the Trojan to bypass anti-virus detection, and according to Symantec, all of them are distributed by Russian websites. Vikram Thakur from Symantec had this to say:

As with malware that affects traditional computing devices, the level of sophistication of the polymorphism used can affect how easy or difficult the threat is to detect. More complicated polymorphism requires more intelligent countermeasures.

This Trojan is not as advanced yet, as only certain parts of the app are modified every time it gets downloaded (server-side polymorphism). But future threats could be designed around local polymorphism, which would modify the app’s very code every time it gets executed.

It would be harder for any anti-virus app to detect it, and such companies would need to exercise more complicated processes in order to stop them. After attending a presentation from avast! Free Mobile Security, I learned that their app works differently, compared to many other security applications. Their system is not a simple black-list. Rather, it actually looks at the coding within the analyzed applications. Such practices could be a better option for the future of morphing Trojans. Here’s some sound advice from Tim Armstrong, a malware researcher at Kaspersky Lab:

If antivirus vendors place their detection on the executable and non-changing sections, all files would be successfully detected. However, if the Trojan’s executable code were also polymorphic, the challenge of detecting it would be more difficult.
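To make the difference concrete, here is an added example (not from TechWorld, Symantec or Kaspersky) comparing a whole-file hash with a signature placed only on the unchanging executable entry of a package. It assumes the per-download change lives in a data entry; the entry name `res/raw/data.bin`, the placeholder bytes and all function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

def build_package(entries):
    """Pack name -> bytes into an in-memory ZIP, the container format of an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def whole_file_hash(pkg):
    return hashlib.sha256(pkg).hexdigest()

def entry_hashes(pkg):
    """SHA-256 of each archive entry's uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}

def build_signature(samples):
    """Keep executable (.dex) entries whose hash is identical in every sample."""
    hashes = [entry_hashes(s) for s in samples]
    first = hashes[0]
    return {n: h for n, h in first.items()
            if n.endswith(".dex") and all(other.get(n) == h for other in hashes)}

def matches(pkg, signature):
    """True if every signed entry is present with the same hash; an empty signature never matches."""
    found = entry_hashes(pkg)
    return bool(signature) and all(found.get(n) == h for n, h in signature.items())

# Constructed sample data: placeholder bytes, not real app code.
CODE = b"constructed-placeholder-for-unchanging-executable-code"

def download(padding, code=CODE):
    # Assumption: the server changes only a data entry on each download.
    return build_package({"classes.dex": code, "res/raw/data.bin": padding})

VARIANT_A, VARIANT_B, VARIANT_C = download(b"pad-1"), download(b"pad-2"), download(b"pad-3")
UNRELATED = download(b"pad-1", code=b"constructed-placeholder-for-a-different-app")
CODE_MUTATED = download(b"pad-4", code=CODE + b"-mutated")  # executable code also changes

if __name__ == "__main__":
    print("whole-file hashes equal:", whole_file_hash(VARIANT_A) == whole_file_hash(VARIANT_B))
    sig = build_signature([VARIANT_A, VARIANT_B])
    print("signed entries:", sorted(sig))
    for name, pkg in [("variant C", VARIANT_C), ("unrelated", UNRELATED), ("code mutated", CODE_MUTATED)]:
        print(name, "->", matches(pkg, sig))
```

The last case is the harder one Armstrong describes: once the executable entry itself changes, no stable hash remains to sign and this kind of detection stops matching.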

This, along with many other advancements in malicious apps, should keep Android users on their toes. The future for the little green robot looks very bright, but also more dangerous. So what should you as a user do to protect yourself from these Trojans? Well, make sure to stick to good practices – only use trusted application stores, read reviews, and take a look at the ratings. Be a careful consumer, and things should be fine for now. But we may soon need to download anti-virus apps. Right now, they are only an extra layer of protection, and are mostly used for their anti-theft or loss features.

Source: TechWorld

  • I’ve always said that it’s not the computer (or phone, or tablet) that gets a virus, it’s the user.
    No security/antivirus program is a substitute for common sense.

  • should be aware of using mobile security.

  • Any system where an app can look, check and control the executed code of other apps is suspect. If a scanner can check other apps then viruses can use that same feature to do their nasty business.

    It is better to have a system that is so locked down that virus scanners are impossible.

  • Linuxfreak

    This piece is more Norton/Symantec trying to create an unneeded market of Android users into thinking it is like Windoze and is prone to virus and the like. Well it is not! This is LINUX folks. We don’t use anti virus for our machines. Your worn-out statement of the number of users determines a likely target is just dead wrong and you should know it! Garbage code does not have write privilege in root and code cannot execute in a binary/no file extension, partitioned environment without permission. The reason for these bs stories as of late is they see their 2 BILLION DOLLAR A YEAR business waning due to more Android/Linux based devices!
    Age of OS or number of users have no effect on it being compromised.