Android Devices Under Attack from Malicious Malware

Description : 

Malware attacks are growing steadily despite all the protection against this disease. Hacking has become an organized cyber crime with people specialized in this “art”, coming together to wreck havoc against the computer and cell phone software. 

U.S law enforcing authorities have cracked down upon number of groups - local and international - involved in cybercrime.

Rogue gang on the loose

One of the famous is a gang of Chinese cybercriminals, Luckycat - targeting employees at high positions in prestigious professions, such as executives in the aerospace, energy, and engineering industries. Since the news came out in June 2011, Lucycat has evolved into a sophisticated and malicious cybercrime gang. Their first target was Windows in 2011, while in early 2012 the gang targeted a Javascript with SabPub, which was injected through a flaw in its mechanism, to spy on Mac OS systems.

Now, Android devices are on target of Luckycat, reported by Trend Micro, a security company with evidences.

Android phones targeted

Trend Micro collected the evidences after a thorough investigation of Luckycat’s command and control center, which led to the discovery of two incomplete and undelivered Android apps - along with deliveries of SabPub through exploitation of Javascript. The two Android apps were called “testService” - were not easy to detect - the only thing that give away the presence of these apps inside the software was the one of the icons was visible. This clearly showed that the hackers were trying to get the apps in a stealth mode, so that they go undetected.

Imitating a Trojan

The two Android apps imitated behaviors of a Remote Access Trojan (RAT) - exhibiting ability to locate sensitive data and upload them to a remote server. However the "remote shell" command was incomplete, meaning the attackers couldn't take real-time control of the devices, which saved the devices for a while.

Explaining the dangers of being able to remotely control devices in real time, Tom Kellermann, director of cyber security at Trend Micro, said that if the attacker finds out from your phone's calendar that you have a meeting in ten minutes, he/she could just activate the mic.

Lookout Mobile confirmed that it detected the same malware samples in a device, all clearly in debug mode since the output was all debug messages.

Transfer of Malware to the target

There are several options - is followed to the core - can help attacker easily transfer malware into the target’s Android phone, working as Android spyware. Trend Micro observed malwares can be transferred through SMS or email containing a download URL disguised as something legit. Sabpub, for instance, was delivered through poorly-spelt emails appealing to Tibetan sympathizers.

Should You Worry?

There are not high chances of you being targeted, as Luckycat targets huge enterprises and companies; but you should be aware that the same malware could be used to target your Android phone. Few simple, but effective counter measures you can take are :

1. Download apps from trusted sources like Google Play and Amazon Android app Stores.

2. Don't click on strange links or attachments in the emails.

RELATED: Tightening Android Security Against Data Stealing Applications

Be Awesome! Feel free to Like, Share & Comment! ;)

*by andreascy*