November 26 2011: Android became the exclusive platform for all new mobile malware, finds the latest McAfee Threats Report (Third Quarter 2011). While the Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of malware, Android is clearly today’s target.
The report says:
Premium-rate SMS-sending Trojans continue to be attractive to malware authors. The Android/Wapaxy, Android/LoveTrp, and Android/HippoSMS families are new versions of premium-rate SMS Trojans that sign up victims to subscription services. The malware also cleverly deletes all subscription confirmation messages received so that the victim remains unaware of the activity, and the attacker makes more money.
Maliciously modified apps made up a good portion of mobile malware this quarter. The Android/PJApp family sends SMS messages, too, but also collects sensitive information (IMEI, IMSI, SIM data) from the phone. This type of theft has been a continuing trend for malware written for any platform: Steal as much data as possible once the device has been compromised.
In an interesting turn, Android malware has begun a new method of stealing information from users: by recording their phone calls. Two examples are Android/NickiSpy.A and Android/GoldenEagle.A, both of which record user conversations and forward them to the attacker. Attackers can’t be sure that the first one or two calls have the information they seek, so these malware remain on the devices for extended periods without being detected; that’s a very persistent threat indeed!
Another technique for stealing information is to use root exploits to gain access to system databases. This allows attackers to break free of the application sandbox that Android would normally make them sit in, and allows attackers access to all of the phone’s data and operations. The Android/DroidDeluxe and Android.ApkMon families try to gain root access (via different exploits) to read system files (such as SMS database, emails, and contacts). We expect this trend to continue as it has proved useful for years on other platforms.
Now that the SpyEye family of crimeware has started to take over from Zeus, the former’s authors apparently see the need to develop their own SMS-forwarding functionality. As this feature is necessary only to enable the malware to complete fraudulent banking transactions, these Trojans are very simple in their design. Android/Spitmo.A is an SMS-forwarding Trojan that operates very similarly in this regard to the Zitmo family. Why write a complex routine when a simple one will do the job?
Link to full report: