May 23, 2012
The Android OS is the most popular target for developers of mobile malware, with practically all new mobile malware directed at the Android platform. The majority of mobile attacks and their malware originate from and attack third-party markets — particularly in China and Russia.
In most cases, this malware is not in the official Android market. Although Google’s app store has suffered some malware incidents, app stores are the safest way for consumers to purchase apps. McAfee Labs researchers strongly advise installing software only from the official market to reduce the risk of compromising your Android device.
Among the new threats are variants of adware and mobile backdoor malware, some very simple premium-rate short message service (SMS) sending malware, and even more destructive malware that targets photos stored on Android devices.
Mobile adware displays ads on a victim’s phone without permission. (This does not include ad-supported games or apps.) Adware ranges from wallpaper with added sales pitches (Android/Nyearleaker.A) to fake versions of games that send visitors to advertising sites (Android/Steek.A). Although adware doesn’t necessarily reduce users’ security, it does subject them to unwanted ads.
Mobile Backdoor Malware
Backdoor Trojans on Android devices are getting more sophisticated. Instead of performing just one action, they gain control of a victim’s device and launch additional malware. Here are a few examples of this type of malware analyzed by McAfee Labs researchers:
Mobile Photobombing Malware
Android/Moghava.A is one of the first destructive Android Trojans. This malware does not target the victim’s apps — it targets the victim’s photos. Moghava.A searches for photos stored on the SD card, and then adds the image of the Ayatollah Khomeini to each picture — and continues to add the image to the pictures until there is no space left on the card.