With the lack of security software on most mobile devices, cyber-criminals are starting to target these devices for identity theft and for use as part of a botnet. Smartphones are driving the growth in mobile web use, and while malware is still distributed via email attachments, the security company Trend Micro reports that over 80% of malware is now being distributed through the web.
Apple and Google are well aware that mobile devices are a prime target. Both companies screen apps for malware before allowing them to be sold on their app stores. While this may not catch ALL instances of malware-infected apps, it’s good to know that “someone is minding the store”. But what happens when the user decides to break the security model of the mobile device or download apps from a less trustworthy source? For example, a typical iPhone security configuration restricts the installation of apps to those available on Apple’s App Store. But a user can “jailbreak” the iPhone and install apps from third-party app stores. The problem is that many of these third-party app stores are not as diligent about preventing the spread of malware embedded within mobile apps.
A new trojan has been identified that targets the Android platform. This trojan, called “Geinimi”, gathers device information and personal information, then transmits it to a number of remote servers. It has been called ‘the most sophisticated Android malware we’ve seen to date’ by the security company Lookout Mobile Security. What makes this trojan significantly different from other mobile malware is not the fact that it transmits data to remote servers, but the way the malware receives updates and attempts to hide itself from detection. “In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted,” says Lookout. This method is similar to the process used by the Stuxnet worm that apparently targeted Iran’s uranium enrichment centrifuges.
For now, Geinimi appears to target Chinese-speaking users of Android. The malware is found embedded in legitimate apps offered on third-party web sites whose Android applications have not been vetted for security.
So, what can the typical user do to protect themselves against this threat? Consider downloading and installing a security program designed specifically for mobile devices. Lookout Mobile Security offers a free download for Android, BlackBerry and Windows Mobile. NetQin also offers a free download of its product, which supports Android, Symbian and Windows Mobile.
More Info:
Lookout Mobile Security
Trend Micro 2011 Threat Predictions
Trojan can take over Android phones
Android mobile malware has botnet-like traits