The Mechanics of Android Malware Revealed
Full Report with graphs/charts found here:
Please Login or Register to see this Hidden Content
According to McAfee, criminals use the cover of free apps to dupe consumers into agreeing to "invasive permissions" that grant the malicious app access to personal information.
Some of this info can be used to serve up targeted ads, so-called 'adware', which makes up 74 percent of all the malicious apps McAfee discovered online.
Other apps access permissions to send pricey SMS messages or trick users into granting an app publisher a five star rating (thereby enabling it to rank higher in the app store and lure more unsuspecting users).
McAfee has found SMS malware that send 7 messages. At a premium rate of $4 USD per message, $28 USD is a high price to pay for a “free” app.
This, more exploitative malware, accounted for 26 percent of malicious apps McAfee discovered lurking in mobile Android apps stores. McAfee also found that some apps get permission to intercept outgoing calls, change UI settings or access core system settings. The most susceptible app categories for Android malware were games, followed by personalization apps,
tools, music, lifestyle apps and TV apps.
Aggressive permissions endanger privacy and permit scams. Most mobile users do not understand mobile app permissions. Even more do not worry about them. Here is the problem: as consumers get less sensitive to permissions, they accept more permissions. Every extra permission provides an opportunity for criminals.
The permissions in “free” apps leak personal information, which ad networks use to target their ads: “Here’s a coupon for a store near your current general location.”
However, we find that 26% of apps are more worrisome than just adware. They contain the most invasive ad networks, those that collect precise GPS location, account, and activity information.
Many include malware that runs an SMS swindle or gives a criminal remote control of the device as a bot client. Aggressive permissions let these invasive ad networks and malicious attacks succeed.
RootSmart and DroidDream threats are the most sophisticated and invasive we have ever seen:
they will send handset information as well as install a downloader that lets them add spyware,
rooting malware, and backdoor or botnet software to your device. With all that extra software on board,
you may have rooted your device, but it is the attacker that is really in control.
For example, in April 2013, McAfee researchers dug into an attack that added data-stealing permissions to create a Trojanized version of the KakaoTalk instant messaging app. The attackers sent forged emails with an Android app as an attachment and used social engineering to convince victims to install the malicious app. The attackers added subtle but potent permissions that allowed them to install their malware and monitor messages and calls.
The bottom line: be careful about what apps you download and always scrutinize the kinds of permissions an app is seeking before you download it, especially if it's a freebie in any of the above categories.
To read the complete article see:
Enlightening users one person at a time