Security threat reports are finding mobile malware to be an ongoing and growing threat, but malware researcher Hitesh Dharmdasani has some simple advice for those concerned about getting infected by nasty, insidious, and occasionally downright surprising malware.
“The best way to keep yourself protected is to not go on third-party market stores or download apps that are not from a recognised marketplace,” Dharmdasani told CSO Australia.
“Most malware that we see comes off of third-party stores, and from apps that are posted on various forums of some sort. The best thing to stay safe is to keep yourself within the context of the Google Play Store; that should keep you away from most problems.”
Dharmdasani should know: as part of the malware research team within security vendor FireEye, he is at the front line of the fight against the mobile-malware invasion. He's seen and analysed a steady stream of mobile malware – including, most recently, an Android strain called Android.HeHe that disconnects calls and blocks SMS messages received from certain phone numbers, then removes any trace of the numbers from the device's logs.
The list of blocked numbers is unknown, as the malware retrieves it on request from a remote command-and-control server. Since the malware is written in Korean, it is also trickier to work with than some other malware.
Code like HeHe, Dharmdasani said, is “quite different from what we usually see” as it's not focused on damaging or stealing data – as in MisoSMS, another Android malware recently discovered by FireEye Labs.
“We have seen Android malware doing premium text messaging and doing surveillance, but not often do we see it intercepting messages and phone calls,” he explained. “That's the sort of thing we see malware heading towards, and it's what I am at least a bit more concerned about.”
The vulnerability of Android devices to malware continues to be a source of concern across the industry, with the Cisco 2014 Annual Security Report the latest study to confirm that Android is a significant and growing target for malware – with the Andr.SMSSend family comprising 98 per cent of observed Android malware families and Andr/Qdplugin-A the most common specific strain.
Fully 99 per cent of mobile malware targeted Android devices in 2013, the report found, while noting that Android users have the highest encounter rate – 71 per cent – with all forms of Web-delivered malware (users of Apple's iOS operating system, by contrast, comprised 14 per cent of all Web malware encounters).
“When users download mobile apps, they're essentially putting a lightweight client on the endpoint – and downloading code,” the Cisco report warns. “Many users download mobile apps regularly without any thought of security.”
Mobile devices introduce other security issues, the Cisco report notes, with the loss of intellectual property an ever-present threat and historical experience showing that wireless channels can be used to eavesdrop on the data exchanged over them.
Mobile malware targeting specific devices made up 1.2 per cent of all Web malware encounters in 2013, Cisco found, noting that with increasing efforts to monetise Android malware during 2013 it's clear that mobile malware is “an emerging – and logical – area of exploration for malware developers”.
Whether that exploration eventually turns mobile malware into an unmanageable problem remains to be seen, but for now Dharmdasani is confident that he and his colleagues – working tirelessly in research labs at security firms around the world – can keep up with the torrent of new mobile malware.
“As a community we are definitely keeping up with it,” he said. “It's not growing as fast as the Windows ecosystem was, where you would see tens of thousands of new samples all the time. But I think [malware authors] are not too far behind in keeping up.”