Today, the most common business model for Android malware attacks is to install fake apps that secretly send expensive messages to premium rate SMS services. Recent examples have included phony versions of Angry Birds Space, Instagram, and fake Android antivirus products. In May 2012, the UK’s mobile phone industry regulator discovered that 1,391 UK Android users had been stung by one of these scams.
The regulator fined the firm that operated the payment system involved, halted fund transfers, and demanded refunds for those who’d already paid. However, UK users represented only about 10% of this malware’s apparent victims; it has been seen in at least 18 countries. Currently, one family of Android malware, Andr/Boxer, accounts for the largest number of Android malware samples we see, roughly one third of the total.
Linked to .ru domains hosted in the Ukraine, Andr/Boxer presents messages in Russian and has disproportionately attacked Eastern European Android users who visit sites where they’ve been promised photos of attractive women. When they arrive at these sites, users see a webpage that is carefully crafted to entice them to download and install a malicious app.
For example, the user might be prompted (in Russian) to install a fake update for products such as Opera or Skype. Or, in some cases, a fake antivirus scan is run, reports false infections, and recommends the installation of a fake antivirus program. Once installed, the new app begins sending expensive SMS messages. Many of these Trojans install with what Android calls the INSTALL_PACKAGES permission. That means they can download and install additional malware in the future.
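As an added illustration (not part of the original report), the Python sketch below triages a decoded, text-form AndroidManifest.xml for the permission pairing described above: the ability to send SMS together with INSTALL_PACKAGES. The SEND_SMS check, the sample manifest, the package name and the verdict labels are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

SEND_SMS = "android.permission.SEND_SMS"                 # assumed SMS-sending indicator
INSTALL_PACKAGES = "android.permission.INSTALL_PACKAGES"  # named in the text above

# Constructed sample manifest; not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <application android:label="Browser Update"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def triage(manifest_xml):
    """Flag the SMS-sending / package-installing combination for review."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if SEND_SMS in perms:
        findings.append("can send SMS, including to premium-rate numbers")
    if INSTALL_PACKAGES in perms:
        findings.append("requests INSTALL_PACKAGES, can install further apps")
    if len(findings) == 2:
        verdict = "high"      # both behaviours described above are possible
    elif findings:
        verdict = "review"    # one indicator only; needs analyst context
    else:
        verdict = "low"
    package = ET.fromstring(manifest_xml).get("package")
    return {"package": package, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A "review" or "high" verdict is a prompt for closer inspection of the app, since legitimate messaging apps also request SMS permissions.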