Malware: the menace in your mobile - TechCentral

Malware: the menace in your mobile

Is your fancy new smartphone behaving strangely? Don’t just shrug it off. Security experts warn that as phones become more like computers, they’re becoming a target for the writers of malicious software. And some of that malware can be particularly nasty.

No mobile phone operating system is safe from malware, but some are more prone to attack, say experts.

For now, Google’s smartphone operating system, Android, appears near the top of the list when it comes to the growing number of virus threats. Jayson O’Reilly, senior security product manager for Africa and SA at Symantec, says in the past two weeks the company has identified at least seven new types of malware on Android.

He says because Android has become one of the most popular platforms it has become a popular platform for attack. “The number of viruses we have seen on the platform over the last three months has been astronomical.”

The most recent attack the company is aware of was discovered on Wednesday afternoon. The virus has been dubbed “root cager” and is malicious code embedded in popular applications available for download for Android devices.

O’Reilly says that between 50 000 and 200 000 free Android applications downloaded were infected with root cager over four days it went undetected.

Like most smartphones, Android users are given access to a plethora of online applications they can download and install on their phones. However, O’Reilly says it is precisely the access to free applications that has made the increase of malware infections so prevalent on Android.

“The fact that Android is based on open-source systems makes it an easier target for attack,” he says.

Denis Maslennikov

Denis Maslennikov, senior malware analyst at Kaspersky Lab says for the most part malicious code in apps is written for criminals seeking monetary gain.

“Cyber criminals create Trojans that send expensive premium-rated SMS messages or call international premium-rated numbers,” he says. The criminals set up these numbers themselves.

“We’ve also seen a number of Trojans that steal personal information such as handset equipment numbers, subscriber’s identity, call logs, contact lists and SMS messages,” says Maslennikov.

“It is important to note that malware becomes more and more complicated.”

Android isn’t the only platform that’s been attacked. Symbian-based devices were the first phones to be attacked by cyber criminals and continue to be a popular target.

Closed systems used by Apple’s iPhone and Research In Motion’s BlackBerry appear to have the best track record so far. Most of the apps installed on these devices need to be vetted first by the companies.

Toby Kurien, an SA Android developer, says a particularly “frightening” attack involves an application that surreptitiously “jail breaks” the iPhone, allowing criminals access to users’ information. Jail breaking removes the security controls built into the device, allowing applications access to almost any aspect of the phone.

“This is the first mobile virus I have seen that can actually do damage to your phone,” says Kurien.

However, he says smartphone users can protect themselves. When downloading applications, specifically on Android, users must check the permissions the application wants.

“When you install an application it will ask you for access to the Internet, or contacts, or something similar. In some cases applications need access to those things … but users must exercise their discretion.”

Kurien says users should also only download apps that have already been tried and tested by other users. “If there is a problem with the application, other users will have picked it up and commented on it,” he says.

Security companies such as Symantec and Kaspersky have mobile security applications that they say can be used to prevent attacks on smartphones.  — Candice Jones, TechCentral

2 Comments

  1. This is a poorly-written article. It implies that the iPhone is just as vulnerable to the security threats that affect Android – a claim which is patently false due to iPhone’s lack of side-loading – but it quotes a local Android developer on the issue of iPhone security. Not only is the man not an expert on iOS security, but he has a clear conflict of interest.

    In fact, his claim is false: While there have been security exploits in Safari that allowed an iPhone to be jail-broken (the same exploits affect Android’s browser too), there has to date not been a single app that has been available for sale on Apple’s App Store that contained any root escalations or had the ability to jail-break the device. So far, for all its negative consequences, Apple’s restrictions on apps have made iOS a more secure platform from the threat of rogue apps.

    I expected better from TechCentral.

  2. @Leo – Perhaps next time you should read what it said before going off in a huff and accusing someone of writing poorly.

    Fact is nowhere in the article does it imply that the iPhone is just as vunerable as other Smart phones. In fact the article clearly states that “Closed systems used by Apple’s iPhone and Research In Motion’s BlackBerry appear to have the best track record so far. Most of the apps installed on these devices need to be vetted first by the companies”

    Also the local developers quote is not false. He doesn’t say a word about any apps at all – he points out that in jailbreaking an iPhone it leaves that user vunerable as the security controls are gone.

    I really expected better from someone who reads TechCentral.

© 2009 – 2019 NewsCentral Media