Android malware in the wild

Summary: Maybe Android really is becoming the Windows of mobile operating systems: it even has the malware to prove it.

If growing malware threats are a sign of operating system success (epidemic malware on Windows is certainly a symptom of that operating system's ubiquity), then it looks like Android really will beat iOS in the smartphone wars. Researchers have just discovered a powerful trojan called Geinimi, targeted at Chinese Android users, that could allow anything from remote control of the phone to its enrolment in an Android botnet.

According to CNET News,

Lookout Mobile Security...said Geinimi displays botnet-like qualities and is the most sophisticated wireless malware it has seen. Thus far, infected programs have only been seen on various Chinese app stores.

"Geinimi is effectively being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets," Lookout said in a blog post on Wednesday.

The security firm said it has already updated both the paid and free versions of its software to protect against Geinimi.

China today, US tomorrow. This trojan should serve as fair warning for Android users: mobile phones and tablets, even those with Linux underpinnings, are not immune to malware. Note what Geinimi does not do: it does not exploit a flaw in Android itself. It rides on a repackaged copy of a legitimate application, is distributed outside the official market, and asks the user at install time for the permissions it needs. It echoes a Microsoft argument against the apparent superiority of Linux security, namely that if Linux were as popular as Windows, it would be plagued with viruses too. As Android emerges as the dominant smartphone platform, users should be aware of the risks of downloaded applications, particularly those obtained from third-party markets.

Use of a security app like Lookout (available for free in the Android market), together with vigilance around application permissions (most malware grafted onto legitimate applications requests extensive system permissions when installed, and a game that wants to send SMS messages or read your contacts should raise an eyebrow), will be necessary going forward. Let's just hope that Lookout stays relatively unobtrusive and Norton doesn't get into the mobile security business until we have quad-core phones.
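The permission check described above can be done mechanically when you have the decoded AndroidManifest.xml of the app. The following is an added example, not code from this post or from Lookout: it compares the manifest of a game as its developer shipped it with the manifest of a copy taken from a third-party market and reports what the repackaging grafted on. Both manifests are constructed samples, and the list of permissions a game has no business requesting is an assumption chosen for illustration.

```python
"""Compare a developer's AndroidManifest.xml with a suspect copy and report
what the repackaging added.  Added example with constructed sample data; the
RISKY set is an assumption, not a list taken from any vendor."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a simple game as published by its developer.
ORIGINAL_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Puzzle Game">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

# Constructed sample: the same game after a hypothetical repackaging that
# grafts on a background service, a boot receiver and the permissions they need.
REPACKAGED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Puzzle Game">
    <activity android:name=".MainActivity"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Assumption: permissions a simple game should not need.  Tune this to the
# category of app you are reviewing.
RISKY = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INSTALL_PACKAGES",
}


def parse_manifest(xml_text):
    """Return the package name, requested permissions and declared components."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    components = set()
    app = root.find("application")
    if app is not None:
        for tag in ("activity", "service", "receiver", "provider"):
            for e in app.iter(tag):
                components.add((tag, e.get(ANDROID_NS + "name")))
    return {"package": root.get("package"),
            "permissions": perms,
            "components": components}


def risky_permissions(xml_text):
    """Permissions in a single manifest that fall in the RISKY set; use this
    when no trusted original is available for comparison."""
    return parse_manifest(xml_text)["permissions"] & RISKY


def diff_manifests(original_xml, suspect_xml):
    """What the suspect copy requests or declares beyond the original."""
    orig = parse_manifest(original_xml)
    sus = parse_manifest(suspect_xml)
    added = sus["permissions"] - orig["permissions"]
    return {"same_package": orig["package"] == sus["package"],
            "added_permissions": added,
            "risky_added": added & RISKY,
            "added_components": sus["components"] - orig["components"]}


if __name__ == "__main__":
    report = diff_manifests(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST)
    for key, value in report.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

A game that gains a boot-time receiver and a background service, plus the ability to send SMS and read contacts, is exactly the shape of a repackaged app. When the developer's original is not at hand, `risky_permissions` still scores the suspect alone, and the signing certificate is worth checking too: a repackaged APK cannot carry the developer's signature.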

About Christopher Dawson

Chris Dawson is a freelance writer, consultant, and policy advocate with 20 years of experience in education, technology, and the intersection of the two.

Talkback

66 comments
  • Proof

    That malware just isn't a Windows problem. A lot of you have condemned me for blaming user habits rather than Microsoft, but here we have proof that it is not the company's fault at all.

    Education is the key to victory, and if we can't educate the users, then the war is lost - as shown here.
    The one and only, Cylon Centurion
    • Clutching at straws huh?

      Just because Android has a problem doesn't excuse Microsoft.
      zkiwi
      • RE: Android malware in the wild

        @zkiwi Not entirely, no, but it does highlight the fact that the uneducated USER is also part of the problem. Most if not all people who frequent ZDNet have a higher awareness of malware issues and what to do to prevent and/or get rid of them on our respective systems than Joe Average off the street... and he is the type of person who needs to be educated in what to do and not to do to prevent malware on all the platforms he uses.
        athynz
      • he wasn't excusing MS, he was pointing out you people excusing Android

        @zkiwi
        for what clearly is a user issue. Who cares what OS it is, if Linux/Android can be hacked and "malwared", pointing out that it happens to Windows doesn't mean that it will magically disappear from the infected Android device.
        John Zern
      • Except that Android has NOT been hacked.

        @John Zern

        If you actually read the article and follow the link that it contains, you will discover that:
        a) the malware is pretending to be legitimate applications, and
        b) it *asks the user* for all the extra privileges that it requires to Do Bad Things.
        Zogg
      • Zogg, and that would go to my point that

        it's *clearly* a user issue, like much of the Windows malware.

        The person who wrote it likely wouldn't have if he didn't think people would allow it access via those privileges.

        None of the Android users I know understand the OS; many purchased their phones because "the guy at the store said this phone was the best!".

        I'm sure a few of them would allow it to install on their phones. :)
        John Zern
      • Except that this instance is *100%* a user issue.

        @John Zern.

        No hacking, no privilege escalation bugs, just users installing something other than what they *think* they are installing.
        Zogg
      • Roid had malware from day one.

        Roids issues have nothing to do with marketshare and everything to do with zero quality control on the Roid store. Malware has been a Roid issue since day one. Google is looking down the blade of a double edged sword. If they screen all their apps for malware, they lose a ton of apps and then look even more pathetic compared to Apple... If they don't screen for quality, they have a malware infested Roid store. Guess which blade Google chose...
        i8thecat
    • RE: Android malware in the wild

      @Cylon Centurion 0005 It's a combination of user habits and software problems.

      In many ways Microsoft had a unique problem. When Windows first arrived there were no networks. It was Windows 3.11 that really brought networking, and then it was all local area. These systems were "trusting puppies" they didn't address network threats, because largely those threats didn't exist. This "all doors open, everything running" made them quite easy to deploy and foolishly easy to exploit. The problem was how slow Microsoft were to recognise the problem, and how that early design hampered their attempts to secure Windows. Really we have to look at Windows Vista as the first really serious hardening (at the factory - so to speak) of Windows. Of course, this hardening also broke lots of applications, and helped sour the public perception of Vista (so much so, if you compare Windows 7 with Vista you're almost sure to get flamed - truth is these two are far more like each other than Windows 7 and XP). Windows pays the price of two things: Longevity & backward compatibility.

      There is no "key" to victory, user education might sound attractive - but really it's a dead-end, you can't hope to educate all users.

      This is probably a "war without end", but allowing backward compatibility to be eroded is the only realistic way to fight it. What we need is for users to be tolerant of application breakages and a better plan as to how such problems are addressed.
      jeremychappell
      • Users will never be tolerant...

        @jeremychappell

        ...of applications breaking.

        It's unfortunate that the very thing that brings them to computers (applications) are the very thing they depend on working every day, without fail.

        Breaking an application is a *HUGE* deal. Thus the Vista debacle, which, when it comes right down to it (aside from a few niggles), was the security model change that really soured users.

        The only reason it did was--breaking applications. :)
        wolf_z
      • RE: Android malware in the wild

        @jeremychappell

        While both you and Cylon Centurion 0005 (BSG is an awesome show, btw) are right, removing backwards compatibility would piss a lot of people off. The only effective way to handle this would be for Windows to create or utilize some type of virtualization software that allows executables not made for Vista or later to be run on those systems, completely separate from the OS itself (kind of like Wine for Linux). If these programs require network access, create a virtual NAT connection. You essentially need to treat all old software as a potential threat. But even this is not going to solve the problem.
        KBot
      • The security model didn't change much in Vista.

        @wolf_z: *Breaking an application is a *HUGE* deal. Thus the Vista debacle, which when it comes right down to it was (aside from a few niggles) it was the security model change that really soured users.*

        The change was to do away with running as a privileged user by default. You can achieve the same result in Windows XP by running as a non-privileged user. And you'll encounter almost the exact same issues with applications breaking as you would with Vista (though Vista included some things to help reduce the impact).
        ye
      • RE: Android malware in the wild

        @jeremychappell
        Sorry, but I was doing network programming before windows 3.11. Was even launching modem networks as well. Anyway, all systems are breakable. windows is the largest target 1)because they are the largest desktop market 2)they have a lot more holes. Can UNIX, Linux, OSX, etc be hacked, virus attacked, etc. Of course. Most viruses these days are launched via the web anyway.
        gbohrn
      • History has shown otherwise.

        @gbohrn: *2) they have a lot more holes.*

        In years past OS X and Linux have had more vulnerabilities than Windows.
        ye
    • RE: Android malware in the wild

      @Cylon Centurion 0005 : Your argument is flawed.

      When a car manufacturer fails to create the proper safety harnesses, it is said that his car is unsafe. But by your reasoning, Toyota, Ford and GM should not be accountable, since the actual car drivers do the actual crashing.

      So... yours is nonsense. Of course users are guilty for malware, but they share the responsibility with the OS manufacturer, which needs to put safety measures in place. Windows never had them (witness the fact that most OSes never expose the root user, while Windows XP users are accustomed to having sysadmin rights), and those found on Vista and 7 are still not true deterrents (UAC is more a CYA measure than a real safety precaution, and the other measures are unproven and rather exotic).

      Last but not least, as for the iPhone and iPad, the fact that you can simply wipe out the contents through iTunes and have the device auto-install the programs means that in case of any threat, the user could simply sync the phone, wipe out the contents and start again in a couple of minutes (doing the same on Windows will take you several days).
      cosuna
      • Yours is flawed as well.

        @cosuna

        You can put all the safety measures in place that you can, but it is up to the person to use it or not. You can't force them to. Is it Chevy's fault "Joe Schmoe" didn't wear his seatbelt when he had his accident?

        Just like in operating systems, you can have all the roadblocks in place, but if Joe really wants to do what he wants to do, then the roadblocks lose all meaning.

        This is where malware prevails.
        The one and only, Cylon Centurion
  • Success?

    If this is success, then I don't want it. Malware on my phone? No, even I'm not enough of a geek for that. If iOS can avoid this measure of success, I'll stick with that.
    jeremychappell
    • RE: Android malware in the wild

      @jeremychappell
      iOS is about as popular and I'm sure it is only a matter of time before malware creeps in. iOS does communicate with the outside world after all.

      The very first virus I encountered was on a Mac and so was the very first anti-virus. Many exploits have been identified on the Mac OS/X platform as well and Apple patches them just like Microsoft does.
      VRSpock
      • virus

        @VRSpock
        but no viruses for mac os x. not one since 2001. before apple went unix with their os in 2001 the classic mac os had thousands of viruses and that was before the mac went from 5 to 10% market share. so the "security through obscurity" idea is just a myth. mac os x is inherently more secure than windows because it is a unix system and was designed with the internet in mind from day one.
        banned from zdnet
  • I can't believe after all these years...

    ZDNet writers still propagate the 'security through obscurity' myth. Mac OS X is not obscure; there are millions upon millions of users. It's based on UNIX, which is used by millions more and is inherently safer than Windows; stop giving MS a free ride for their atrocious Swiss cheese software.

    Stop saying any popular OS would have the same problem. That's like saying all front doors can be kicked in by a burglar, yeah, a cheap wood door with a kiddie lock (windows) will be targeted by millions of burglars (viruses) whereas the solid steel door dead bolted shut will be avoided (UNIX)

    Use some common sense. There are millions of windows viruses because it's easy to write viruses for it. Plain and simple.

    "The real reason no viruses exist for Mac OS X has little to do with its low market share... but rather its near-impenetrability," many of David Zeiler's readers pointed out in a barrage of critical email missives responding to Zeiler's inclusion of a quote from an anti-virus software firm's consultant. The quote intimated that Mac OS X has no more inherent security than Windows.

    Zeiler reports, "Though many amateurs may be looking for, and finding, holes in Windows, the FreeBSD Unix code that forms the foundation of OS X has been prodded by legions of expert programmers for 30 years. Though a few hardy souls use the Unix offshoot Linux on PCs built for Windows -- they usually wipe Windows off the hard drive -- Unix typically is used in mission-critical roles, powering high-end work stations and file servers."

    "And, as mentioned earlier, crackers prefer hitting targets that will cause maximum disruption. 'Many orders of magnitude more people look over the source code for OS X and the related BSDs than have access to Windows source code,' said John Klos, a developer of NetBSD, a flavor of Unix closely related to OS X," Zeiler reports.

    "Thus, many of the obvious holes in OS X were closed years ago. That, some suggested, actually makes OS X a more attractive target. 'If I were a fame-driven cracker with solid technical skills, cracking a BSD-based system would be the fastest way to show off my capabilities,' said Rich Morin, a programmer and consultant based in San Bruno, Calif. 'My suspicion, therefore, is that many crackers have tried this challenge and failed,' Morin added. Still, he cautioned 'nobody has any way to know for sure,'" Zeiler reports.
    ShazAmerica