Introduction to Android Malware

Hello everyone!

As some of you already know, mobile threats are on the rise. Every day there are more and more mobile devices, which translates into more targets for the malware industry.

But, as we always say, the best weapon against malware is knowledge. For this reason, we bring you today a brief classification of the most common Android malware, along with a bit of advice about infection vectors and possible targets.

Android security

 The most common families of malware found for Android are:

  • SMS Scammers: Basically, this type of malware uses your phone to send Premium SMS messages, which are quite expensive. For each message sent, the attacker gets a share of the money. Usually, the most common permissions requested by this family are SMS related.
  • Spyware: As the name says, the malware is used to intercept SMS messages and phone calls, and to collect information about the account logged in on the device, its GPS location, and the phone itself.
  • Trojan bankers: Taking advantage of the fact that banking and financial entities have their own mobile device applications, malware actors are developing their own trojanized versions, which are capable of stealing credentials and other relevant information retrieved by the app.

There are also other less common families, like ransomware (which will try to encrypt your SD card), or RATs (which will allow attackers to connect back to your device in order to obtain information).

In the world of mobile devices, the two most common infection vectors are markets (both official and unofficial), like Blackmarket, Aptoide, or Cydia (for iOS), and phishing attacks, which try to trick the user into installing the malicious application.

There have been cases of desktop malware with capabilities to infect connected mobile devices, but luckily for us, it’s not too common yet.

And to finish, the tip of the day:

  • One of the quickest ways to identify malware when installing an application is to look at the requested permissions. Malware developers have a tendency to be greedy when requesting them. For example, let’s say you’re installing an application that will allow you to program an alarm, and only that. That app shouldn’t need permissions to send SMS.
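The permission check from the tip above can be automated; the following is an added example, not code from the original post. It assumes the app's AndroidManifest.xml has already been decoded to text XML, and the permission grouping, function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permission groups, chosen to match the families described above
# (the grouping itself is this example's assumption, not an official list).
SENSITIVE = {
    "sms": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_MMS"},
    "calls": {"READ_PHONE_STATE", "READ_CALL_LOG", "CALL_PHONE"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "accounts": {"GET_ACCOUNTS", "READ_CONTACTS"},
}

# Constructed sample: decoded manifest of a hypothetical alarm app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alarm">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Alarm"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the short names of all permissions the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (n.get(ANDROID_NS + "name", "") for n in root.iter("uses-permission"))
    return {name.rsplit(".", 1)[-1] for name in names if name}


def unexpected_sensitive(manifest_xml, expected_groups):
    """Map each sensitive group that the app's stated purpose does not
    justify to the permissions the app requests from that group."""
    requested = requested_permissions(manifest_xml)
    findings = {}
    for group, perms in SENSITIVE.items():
        hits = sorted(requested & perms)
        if hits and group not in expected_groups:
            findings[group] = hits
    return findings


if __name__ == "__main__":
    # An alarm app has no stated need for any sensitive group.
    for group, perms in unexpected_sensitive(SAMPLE_MANIFEST, set()).items():
        print(f"{group}: {', '.join(perms)}")
```

A finding is a prompt to look closer at the app, not proof of malice: a messaging app would legitimately pass `{"sms"}` as its expected groups.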

 Have a nice day!

 Victor Acin

Threat Intelligence Analyst
