Android Malware Report - April 2012

Continuing on the same trend that we`ve noticed in our Q1 2012 E-Threat Landscape Report, the top Android malware detections have remained the same. Except for some new (app)aritions that have made their way into our chart, the number one threat still remains Android.Trojan.FakeDoc.A (most commonly known as “Battery Doctor”), followed up by the “Rage Against the Cage” exploit (aka “Android.Exploit.RATC.A”).

With a whopping 32.11% detection range for Android.Trojan.FakeDoc.A and 13.88% on Android.Exploit.RATC.A, it`s safe to conclude that these two will probably dominate our malware charts for a long time.

Two more Android exploits (Android.Exploit.GingerBreak.A and Android.Exploit.Exploid.B) are currently responsible for a large number of Trojan infections and as long as users will keep rooting their handsets, the problem is unlikely to go away.

Trojans that send premium SMS messages are still popular and Android.Trojan.SMSSend.G is a perfect example that 3.34% of scanned devices are still infected with it. For some reason, racking up carrier bills seems to send malware-coders into a boasting spree even though they`ve got nothing to gain from this (except perhaps if they own that premium-rate service).

The next runner up is Android.Hacktool.Faceniff.A, which is used to intercept Wi-Fi traffic in search of user names and passwords for Facebook, Twitter, YouTube and Nasza-klasa accounts. Occupying a shy sixth place, stealing passwords and usernames doesn`t seem to be all that important any more or at least as widespread. This hack tool will probably continue to pose a threat on the long run, but as our data suggests, malware seems to evolve in the direction where root access privileges are permitted, so that all personal information can be “smuggled” without users consent.

Ranked seventh, Android.Trojan.FakeInst.AN tricks uses into believing that they`re installing a perfectly legitimate app, such as an antivirus or an instant messaging app, while in fact it sends SMS messages to premium-rate numbers. Constantly eluding detection by changing its icon and file size, the Trojan is particularly deceitful and tricky to pin down in case of infestation.

A variation of our number one threat is reported as Android.Trojan.FakeDoc.B and although you might be inclined to think that it`s not that big of a threat, it still managed to squeeze in eight. Android.Trojan.SMSFlood.A clocked in ninth with a detection rate of 1.76%, which doesn`t meant that it should be treated lightly.

Our April Android malware report also caught an interesting hack tool that seems to be installed on 1.65% of scanned devices. Android.Hacktool.DroidSheep.A has pretty much the same behavior as Faceniff, meaning that it tries to grab passwords and user names from Facebook, Twitter and LinkedIn accounts.

With five Trojans, three exploits and two hack tools present in our report, diversity is not something that we lack. Stay tuned for next month`s report when we`ll come back with new stats and trends.

Remember, if you want to stay safe and protected from Android malware attacks and threats, make sure that you use a professional antivirus solution.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.