McAfee says that Android malware is taking a worrisome turn, with cybercriminals mimicking popular strategies used against Windows. The latest attacks tap IRC bots, where the malware gets further operating instructions from an Internet chatroom.
Called Android/Multi.dr, the attack masks itself as the game Madden NFL 12. Multi.dr is comprised of three separate components, including a root exploit, an IRC bot, and SMS Trojan.
The first method of attack is the root exploit, which "roots" the device and allows code to be executed as an administrator and allows code to be executed from a remote server. This is vital for the next component, the IRC bot, to do its dirty work. Once the device is rooted, the IRC application is executed, hidden as a PNG image file.
Research specialist Arun Sabapathy says this file is actually an .ELF file, which is Android's version of an executable. Once executed, the IRC channel stays open and receives and executes commands on the device.
Potentially more serious in terms of security is the SMS Trojan. Infected users will find themselves being charged by texts to premium numbers worldwide. That isn't the least of it: there is code within the Trojan that scans all SMS messages received to see if any of these premium numbers are already used. If by chance one of these numbers is used by a legitimate company and the message exists on your phone, it is sent to the attackers.
"This alone tells us how serious this attack can be", Sabpathy says. "However we are not sure, at this point, what purpose they collect and use some of the data for as we are not sure about what their server side code is and does". With attackers increasingly turning to mobile to launch their attacks, Sabpathy all but says these more desktop-like attacks are bound to increase in the not too distant future.
What can be done to protect yourself? Limit downloads of apps from little-known or suspicious app repositories. While the advantage of Android is not being limited to Google Play, the store remains one of the safest places to find new apps.
With the increasing amount of malware appearing on the Android platform, knowing what and from where you're downloading is becoming increasingly important.