The Android malware problem is just beginning
It seems like we keep hearing about new versions of Android malware every other day and Norton says that isn’t an accident. The bad guys are going to be increasingly focused on the mobile space and Android should be one of the largest targets.
Norton has multiple products for the mobile space, so it does have a financial interest to get people concerned about Android malware. The company does have a wealth of experience in the security field, so I’d take its claims at face value.
Norton said Android is going to be an attractive target for bad guys because it fits the characteristics of a platform that will be targeted by cyber-criminals: it’s open, ubiquitous and monetizable. It’s open in the sense that there are plenty of documentation out there on the platform and it can be used to have apps modify it. If it’s not ubiquitous yet, it will be soon and it is increasingly being use for actions that can be monetized.
The security company said that we could see a rise in Android malware in multiple ways, including premium billing rates, spyware, search engine poisoning, adware, pay-per installs and more. We saw an example or how you an trojanize an app and it was a stunningly-simple process: You can save an app to your computer, run an off-the-shelf tool with a command line prompt that will decompile it, add the malicious code, adjust the manifest, recompile it and then you’re ready to submit your trojan app to the Android Market.
Google doesn’t really curate the Android Market, so this app could have the same icons as a legitimate app without much repercussion. Google has been good about killing apps once they’re discovered to be malicious but as we see a rise in legitimate third-party app stores like the Amazon App Store, consumers could be faced with more avenues for attack.