Decipher and defend against Android malware

Photo credit: XDA Developers

In the past year, there have been several incidents of sneaky Android malware successfully passing Google’s security measures and finding a place for itself on Google Play.

The latest malware app to hit the Play Store is known as Super Free Music Player, which has been downloaded more than 10,000 times. SophosLabs confirms that this app uses sophisticated techniques formerly found in the BrainTest malware, such as time bombs and IP mapping, to bypass detection by Google and security researchers. Essentially, attackers repurposed the BrainTest app and released it as Super Free Music Player.

The malware in Super Free Music Player is designed to download additional payloads from remote websites and to upload device information, including installed applications and the device’s country, language, manufacturer, model, etc.

Super Free Music Player is not the only dangerous app out there, as attackers are constantly targeting Android with malware, including ransomware. In a SophosLabs analysis last year, our systems processed more than 8.5 million suspicious Android applications, with more than half of them being either malware or potentially unwanted applications, including poorly behaved adware. Since the first Android ransomware was discovered in the middle of 2014, we have seen a significant increase over the last three years.

Image: Super Free Music Player. Photo credit: Sophos

Although Android was recently spared from the WannaCry attacks because that ransomware specifically targeted Windows, Android devices are still huge ransomware targets, especially with the growing adoption of Android in the enterprise environment. Android users are generally prone to two types of ransomware: lock-screen ransomware, which locks the screen but does not encrypt the files, and crypto ransomware, which can encrypt the user’s data while locking the device.

Finally, another security issue has come to light: Android devices now contain pre-installed malware. Devices such as the Galaxy Note edge, OPPO N3 and ASUS Zenfone 2 have been listed as infected, with malicious code already present on the devices before they were issued to users.

With Android malware and vulnerabilities on the rise, it is more crucial than ever for Android users to be vigilant and safeguard their devices.

Recommended best practices

  • Stick to Google Play. Although it is not perfect, Google does put in plenty of effort to prevent malware from arriving in the first place. Google also immediately purges a malicious app from the Play Store if one shows up, unlike many alternative markets that allow app creators to upload any app they want, as often as they want.

  • Consider using an Android anti-virus, as it can block the installation of malicious and unwanted apps. Sophos Mobile Security is a free tool that protects Android devices from the latest malware and online threats.

  • Avoid apps with a low reputation. It is recommended to do some online research on the app and read user reviews before installing it.

  • Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed at which patches arrive.


Written by Sumit Bansal, Director for ASEAN and Korea, Sophos

