The 8 worst Android infections of 2011

December 14, 2011

Not surprisingly, given the wide-open nature of the OS and the Android Marketplace, malware creators have trained their sights on Google Android. (Symbian used to be the favorite mobile target in the not-too-distant past.) McAfee, in its influential quarterly virus report, wrote that in the third quarter, “Android was the sole target of mobile malware writers.”

Malware disguised as a legitimate app is a typical vector, and without security software, it’s nearly impossible to tell the difference. “From malware to rootkits, malware-infested applications for mobile devices are showing up in alarming numbers, mostly out of Asia,” says technology analyst Rob Enderle of the Enderle Group.

Not surprisingly, the hordes of Apple iPad users don’t have to be quite as concerned, mainly due to Apple's absolute control of its system. “You hear about (malware) more on Android than Apple’s iOS,” says computer security expert Daniel Elswick, “mainly because Apple is strict with what apps they allow into the Apple App Store, while the Android Market is more open, so almost any application can make it in there.”

Here’s a look at the top threats for the past year.

1. Android.Fakeneflic
Instead of streaming movies, this fake app—which closely resembles the real Netflix app—carries a data-stealing Trojan. While it was still active, this Trojan would send data to a remote server, although Symantec now reports that the server is offline. This Trojan got much news coverage this year, and caused many enterprises to begin questioning Google's commitment to security.

2. Android/PJApp
Symantec says Android.Pjapp can install applications, navigate to websites and add bookmarks to browsers. But the most disconcerting aspect of the virus is that it can send text messages from your device, block messages and send user information back to the attacker.

This is a widespread Trojan that has a rootkit component and a bot component, according to Norman Proactive IT Security. Norman states that the bot component "connects to remote computers and makes the infected computer part of a botnet. It may download and install additional malware."

4. Android/Wapaxy
5. Android/LoveTrp
McAfee says these are "new versions of premium-rate SMS Trojans that sign up victims to subscription services." Like TDSS, these two viruses also delete all subscription confirmation messages received so that the victim remains unaware of the activity, allowing the attacker to make more money.

6. Android/NickiSpy.A
7. Android/GoldenEagle.A

McAfee also detected a new family of malware this year, one that steals information by stealing voice data and sending recordings to a remote server. Bundled into legitimate software, NickiSpy and GoldenEagle were capable of doing this, plus recording a tablet’s GPS coordinates, and even sending an infected tablet’s or smartphone’s IMEI (essentially a unique device ID) to a phone number in China. As with the viruses above, this malware is controlled primarily via SMS.

8. Trojan-SMS.AndroidOS.FakePlayer.a
Finally, be extra careful about which custom media player you download. Kaspersky Lab, which discovered FakePlayer and others like it, says this malware takes advantage of Android phones after users install what appears to be a “harmless media player.” Once the bogus player is installed, the Trojan begins sending messages to premium-rate phone numbers without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.

