Security News Android Malware Slowly Adapts to Marshmallow's New Permission Model

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Malware coders have adapted two Android trojans to cope with Marshmallow's new user permission model, showing that despite Google's best efforts, crooks will plow through all the company's security measures and still reach their targets, even if in lesser numbers.

Google launched Marshmallow last year. One of the key security features introduced with the mobile operating system was the new permission model that allowed apps to require the necessary permissions at runtime when a certain app function needed access to more data.

Initially, malware coders didn't like this because it spread out all their malicious app's intrusive permissions across different popups, giving users the opportunity to spot something wrong.

Crooks initially ignored the new permissions model
But crooks are resilient, so they adapted to adding the "target_sdk" attribute to the malicious app's code, and giving it a value of less than 23. This value told Marshmallow to ask for all permissions at installation, like on older Android OS versions.

While this was fine and dandy in the beginning, security vendors quickly noted this change, and took a closer look at Marshmallow apps that employed this trick, and by doing so, brought the malicious apps more into the limelight.
Now, Symantec reports that two malware families, the dangerous Android.Bankosy banking trojan, and the Android.Cepsohord click-fraud bot, have evolved to use the new permission model, which they despised in the beginning. Both ask users at runtime for permissions, as they need them.

Furthermore, both trojan also checks at runtime if the permissions are still active. If the user has decided to revoke one or more permissions, the trojan asks for them again.

It's all the same for malware coders
A possible explanation for why malware coders decided to take this road resides in the profile of infected victims. Most people that suffer from such virus infections aren't technically trained experts, educated and experienced enough to spot such threats.

The vast majority are regular users, which often just click through all permissions without reading them. We're all guilty of that, but some people just don't care about permissions anymore, and that's the reason why Google decided to split them across different screens.

Malware coders are leveraging on popup fatigue to help their malicious apps get all the permissions it needs. In case the user reads permission popups, he would have detected the suspicious malware regardless. In case the user just ignores the popups, the user gets infected anyway. So it's practically the same for malware coders, who at the end of the day will be successful at infecting the same less-technically skilled and uneducated users as before, regardless if they ask for permissions in one way or another.

Sure, Android Marshmallow's new user permission system is great and may help users spot abusive and privacy intrusive apps, but it only works if you know what all those popups and permissions do, and some people don't, and that's why Android malware is so successful right now.

It will take some time before the vast majority of users get truly acquainted with Android and how mobile malware works, but even today, after decades of having Windows around, users still get infected with malware
Click to expand...
.
 
  • Like
Reactions: Alkajak, Ink, Daniel Hidalgo and 3 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
exterminator20 said:
Most people that suffer from such virus infections aren't technically trained experts, educated and experienced enough to spot such threats.

The vast majority are regular users, which often just click through all permissions without reading them. We're all guilty of that, but some people just don't care about permissions anymore, and that's the reason why Google decided to split them across different screens
Click to expand...
This is why I don't use Android.

All jokes aside, it's an excellent choice for an open platform, but it's downfall is not understanding how to protect yourself. Whereas with Windows Mobile and Apple iOS, users are protected within it's walled-gardens, without requesting the user to control their actions.

What do you think? :confused:
 
  • Like
Reactions: Alkajak
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
Replies
0
Views
1,186
News Archive
silversurfer
silversurfer
silversurfer
    • +Reputation
    • Like
GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries
Replies
0
Views
1,205
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
    • Thanks
Malware News Cybercrime service bypasses Android security to install malware
Replies
0
Views
1,229
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top