Android malware threat getting real

Android 2

More threats targeting Google's Android operating system have been spotted by security researchers.

A version of the notorious Zeus Trojan has been spotted targeting Android, after cyber criminals managed to get the malware uploaded to the official Android Market hidden in an app.

The app disguised itself as a tool from security company Trusteer. Ironically, Trusteer chief executive (CEO) Mickey Boodaei this week said he expects one in every 20 Android mobiles and iPhones to be infected by financial malware and Trojans within the next 12 months.

However, according to Kaspersky Lab researcher Denis Maslennikov, the Android malware is "far more primitive" than the ZeuS-in-the-Mobile (ZitMo) threat targeting Symbian, Windows Mobile and BlackBerry smartphones.

It can only upload all incoming SMS messages to a remote web server, he explained.

Whilst the threat has been removed from the Android Market, it does not the threat is gone, Maslennikov said.

"The application has already been removed but, as it was in previous cases of malware in the Android Market, there are mirroring websites which save the information about all the programs approved by Google," he added in a blog post.

"So, now we have ZitMo targeting four platforms: Symbian, Windows Mobile, Blackberry and Android."

Infecting each other

BitDefender has also identified a new piece of Android malware, which spreads via self-advertising links unwittingly sent by users over two "clean" online video stream viewers available on the Android Market.

Users are prompted to send an SMS or an email to promote the viewers to contacts and friends. Users that do so will send on links, which point to a malicious app known as Android.Trojan.KuSaseSMS.

The actual app user isn't at threat here, it's their contacts and friends who are in danger of infecting their phone.

Once the app is installed, it not only sends six texts to a Chinese phone service number, it accesses an "alleged update link," which opens the user's phone up to yet more malicious code.

That additional code is similar to HippoSMS, which "is known to piggyback apparently legitimate applications available on alternative Android markets and to send SMS messages to premium rate numbers," BitDefender said.

"This could well be the first time that Android users are tricked into putting their friends at risk," said Catalin Cosoi, head of the BitDefender Online Threats Lab.

"By using their friends and contacts to effectively endorse the safety of the links, it's likely that a higher number of people will let their guard down and click through. I have to say this is a pretty ingenious way to spread malware, and we may well see more of this technique in future."

At the time of publication, Google had not responded to a request for more information on either threat.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.