Android malware steals location data from mobile devices

BitDefender Labs has discovered Android malware that regularly broadcasts the location of the infected mobile device to a remote server.

What the malware creators intend to do with the privacy-invading information is not clear. The app operates in the background and appears on the smartphone or tablet as an icon with the word "store" written on it.

The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device's Wi-Fi connection and scan for available access points. All the data is transmitted to the remote server via the device's Internet connection.


"Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them," BitDefender said in a blog post on Tuesday.

The lightweight spyware has no user interface and transmits location information every couple of seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps.

Whether it's spyware or another type of malicious app, the amount of mobile malware is soaring. The rate of growth last year was 155 percent over 2010, according to Juniper Networks. During the first quarter of this year, the year-to-year increase was 30 percent, with spyware alone doubling. Most mobile malware is targeted at Android, the leading smartphone operating system.

While the increase in mobile malware is troubling, the actual number of infected smartphones and tablets remains relatively small when compared with PC infections. "While we probably haven't seen a widespread, malware epidemic in terms of the Android platform, there have been some that haven't been detected," Christian Kane, analyst for Forrester Research, said.

As a result, companies are looking for technology to manage applications and corporate data on employees' devices. The mobile security market was $674.8 million worldwide last year and is projected to top $1 billion this year, according to IDC. By 2015, the market is expected to reach $1.85 billion, a compound annual growth rate of more than 35 percent.

Symantec, hoping to grab a slice of the pie, announced on Tuesday its first enterprise-grade antivirus software for Android devices. Called Mobile Security for Android, the antivirus software checks suspicious apps against Symantec's blacklist of known malware. When a bad app is discovered, the software can be set to notify the device user and a corporate security team through a mobile device management console.

Symantec also announced updates to its mobile security portfolio that add technology for securing email and managing applications on Android devices. In addition, the company has integrated its mobile device management software with Microsoft's System Center, which is used to configure and manage Windows PCs.

Symantec's overall strategy is moving toward an all-in-one platform for securing and managing applications, data and devices, Kane said. "For firms that are not looking for one-off solutions, but would really like a single console, something that would integrate and work together, this is a step in the right direction for Symantec."

Symantec competitors in Android security include Intel-owned McAfee, Kaspersky Lab, Bitdefender and Lookout. The mobile security market in general is immature with many enterprise-grade capabilities missing, such as better application and data controls and secure tools for sharing and collaborating on documents with mobile devices, Kane said.

"Mobile management overall has been evolving quickly, but in general the technology is pretty immature," he said. "We have a ways to go in terms of bringing full capabilities that an enterprise would need to properly manage and control their apps, data and devices."

Google's Android is the most popular target for hackers. While Apple iOS is not immune from attacks, the company's tight control over apps built for the OS used in the iPhone and iPad keeps the amount of malware down. Because any third party can build and distribute an Android app, malware often ends up on malicious Web sites or is hidden within hijacked legitimate apps.
