Mobile Malware Targeting Android Devices Hits New Highs

14 November, 2012

Total Mobile Malware Samples in the Database

Galaxy. Droid. Nexus. More consumers than ever use one of these Android-powered smartphones. The Android operating system is continuing to grow in popularity and now accounts for more than half of the U.S. smartphone market. But as Android use has spread among consumers and businesses so have a new breed of mobile threats, raising the bar for effective mobile security and mobile antivirus solutions. In fact, Android smartphones are now the largest target for mobile threats, including mobile malware and spyware — and very few mobile threats target any device other than Android smartphones.

The level of threat activity is ballooning. After a slight decline in early 2012, the volume of Android malware rebounded and nearly doubled in the latter part of the year. McAfee Labs researchers continually track this activity. Among the thousands of pieces of mobile malware flooding the McAfee Labs threats database are several pieces exhibiting advanced functionality. Here's a look at three of those threats.

Android/MarketPay.A
This advanced downloader automatically purchases apps from a third-party Android market. After making the purchase, the malware intercepts and resends the confirmation codes sent by the market, silently buying the apps and deleting other billing messages so the owner of the device is unaware of the activity.

Android/Funsbot.A
Part of a larger advanced persistent threat malware campaign, this botnet client takes commands that upload and download files from the attacker’s server. The client can also browse the directories of an infected Android device. This allows an attacker to both gather information on a particular target and maintain and increase control of that target.

Android/Backscript.A
This botnet client gets updates of new commands and functionality from the attacker's control server. Instead of downloading native executables, it uses a form of JavaScript that runs in mobile Java to shorten development time. Currently the malware performs pay-per-install installations of a particular third-party app, and can be easily updated to install other apps for a fee.

To keep up on the latest threats to Android devices and get the latest insights from McAfee Labs researchers on new mobile threats, read the McAfee Labs blog.