Malware continues to be a menace for Android
Malware attacks on smartphones have increased over the past year. A study by Nokia’s Threat Intelligence Lab, published in March 2017, suggests that malware attacks on smartphones went up by 400% in 2016 and that 81% of the attacks involved Android OS. Google has developed an AI-based security solution called Play Protect, which will use deep learning to identify peer groups of apps with similar functionality and then scan them to identify the ones that pose a security risk.
After Sonic Spy, Ghost Ctrl and Judy, a new wave of malware is threatening users.
Here are some of the recent malware attacks and how you can avoid them.
Researchers at Trend Micro have discovered a new malware called Zniu, which uses an old flaw in the Linux kernel called Dirty Cow to gain root access to Android devices and plant a backdoor to steal data on the smartphone.
More than 5,000 users across 40 countries, including the US, Japan, Canada and Germany, have been targeted so far.
Zniu only affects Android devices running on ARM/X86 64-bit architecture and hides behind games and apps on third-party app stores. Once downloaded, the malware checks for code updates so it can use Dirty Cow on the infected device.
The malware and its connection to Dirty Cow were detected by researchers from Trend Micro, who found over 1,200 Android apps infected with it.
Users can avoid such threats by not downloading apps from third-party stores, even if it is the latest version of a popular app that has not been officially released on Play Store.
BlueBorne is a unique malware which doesn’t need a link or an app to target a smartphone. According to researchers from Armis Labs, BlueBorne spreads over the air using Bluetooth connectivity. It is designed to spread automatically from one infected device to another. Once it is installed on a smartphone, it gives the hacker unprecedented access to the device without the user’s knowledge.
The malware is not limited to Android devices but can target Apple iPhones too. Both Apple and Google released patches to tackle it in August. If your Android device hasn’t received the August security update, you should be more careful before switching on Bluetooth in public places.
A new version of Expensive Wall malware was recently detected by researchers at Check Point. It uses wallpaper apps to target users and has been detected in over 40 Android apps so far. What makes it different from the other malware in the family is the advanced obfuscation technique it uses to escape detection. In a nutshell, it encrypts a malicious file to make detection by Google Play Protect more difficult.
Once an app with this malware is installed, it uses the phone number active on the device to subscribe users to premium services without their knowledge and sends fraudulent premium SMS messages, charging their accounts for fake services. Users should read reviews and only download apps from trusted developers and publishers.
Known for targeting banking apps, Bankbot malware has resurfaced, hiding in a game on the Play Store. The latest iteration of Bankbot was detected by IT security company ESET, which found it hidden inside an Android game called Jewels Star Classic. The game was released on Play Store on 26 August and was updated on 4 September. Once flagged by ESET, it was taken down by Google, but not before it had infected 5,000 devices.
According to ESET, the malware is not immediately activated after the game is installed. It waits for 20 minutes to escape detection and then sends an alert asking users to enable something called Google services. After it is enabled, it redirects users to the Android accessibility menu, where they are asked to grant accessibility rights to Google services. This gives the malware administration rights over the device. Bankbot works by adding an overlay over a bank app’s login page, and when a user enters the login details they are passed on to the hacker. To avoid this kind of risk, users need to download apps and games from trusted developers only.
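Because Bankbot depends on the user granting accessibility rights, one defensive check is to list which apps currently hold them. The following is an added example, not code from ESET or from the original article: it parses the output of two standard adb commands, and every package name in the sample data is constructed and hypothetical.

```python
# Added example: audit which apps hold Android accessibility rights.
# The inputs are what these two commands print on a device you own:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def parse_services(setting_value):
    """Split the colon-separated 'package/ServiceClass' list into pairs."""
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return []
    return [tuple(comp.split("/", 1)) for comp in value.split(":") if "/" in comp]

def parse_installers(pm_output):
    """Map package -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(setting_value, pm_output, reviewed):
    """Return every enabled accessibility service the owner has not reviewed."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_services(setting_value):
        if pkg in reviewed:
            continue
        from_play = installers.get(pkg) == PLAY_STORE
        source = "Play Store" if from_play else "not installed via Play Store"
        findings.append({"package": pkg, "service": cls, "source": source})
    return findings

# Constructed sample data (hypothetical packages, not taken from any report).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.jewelgame/.GoogleService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.jewelgame  installer=com.android.vending
package:com.example.wallpapers  installer=null"""

if __name__ == "__main__":
    known = {"com.google.android.marvin.talkback"}
    for f in audit(SAMPLE_SETTING, SAMPLE_PM, reviewed=known):
        print(f"REVIEW: {f['package']} runs {f['service']} ({f['source']})")
```

A game that came from the Play Store is still reported here, which matches the Bankbot case above: the install source alone does not make an accessibility grant safe.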