Home / / Fortinet reveals Android malware threats

Fortinet reveals Android malware threats

Company says Android phones can be hit by five different malware families

Fortinet says that is has discovered five families of malware on the Android operating system.
Fortinet says that is has discovered five families of malware on the Android operating system.

Network security and unified threat managment (UTM) solutions provider, Fortinet, has released its Top five Android Malware Families. The FortiGuard Labs also tested a new vulnerability that affects Android phones at the root level.

"FortiGuard Labs has found approximately five times the amount of malicious families on the Android OS versus what we've found on iOS," said Axelle Apvrille, senior mobile anti-virus researcher at Fortinet. "We believe that this disparity can be attributed to the way Apple handles iOS application development and distribution. Unlike Android, which makes it fairly easy to place applications for people to download, iOS requires developers to undergo some strict screening from Apple before the application can make it to the Apple Store. That's not to say that Apple is totally immune from being infiltrated by malware - the Eeki banking worm proves that - but it is a testament to why we're seeing so little activity on the iOS platform."

The Top 5 malware families for which FortiGuard Labs have received the most samples in 2011 are: Geinimi, Android's first botnet, designed to send a victim's geographic location and control their phone remotely; Hongtoutou, which is a Trojan live wallpaper that steals private information such as the victim's subscriber number (IMSI) and automatically visits websites that the malware directs it to; DroidKungFu,  another botnet that has multiple capabilities such as remotely installing other malware, remotely starting specific applications and adding bookmarks; JiFake, a fake instant messenger application that sends SMS messages to premium phone numbers; and BaseBridge, which is a Trojan that sends SMS messages to premium numbers.

"Unfortunately, we believe Android's higher market share and open development environment comes with a price; an almost six fold increase in malware targeting the operating system," Apvrille said. "To date, our Labs have seen a 90% increase in Android malware families in 2011 compared to 2010, while malicious iOS families only increased by 25%. Of course, those statistics do not account for infection rates or dangerousness."

According to Fortinet, malware such as BaseBridge was available on the Android Market but was later removed.

"DroidKungFu was an example of malware that was found repackaged in a legitimate VPN utility, whereas Geinimi was found within the legitimate application ‘Sex Positions,'" said Karine de Ponteves, malware analyst at Fortinet.

Last month, Jon Larimer and Jon Oberheide published vulnerability for Android platform 2.3.6 that revealed an easy way for hackers and malicious software developers to gain and exploit root access to an Android device.

"The mobile security trend is a familiar one: as operating systems mature and gain popularity, malware and vulnerabilities follow since there is focus and motivation from cyber criminals," observed Derek Manky, senior security strategist at Fortinet. "With root access, hackers can gain access to system files and change system settings that are typically authored to be read only. For example, a malware creator with root access to a vulnerable device could silently download and install additional malicious software, such as ransomware, spambots and keyloggers."