Game-changer: Android malware moves beyond apps

[Jack]

Android malware authors have officially turned the complexity corner, according to an analysis of mobile malware for the first quarter of 2013. The size and scope of the Android threatscape is evolving, adding new tactics and advanced approaches that extend beyond malicious applications.

According to F-Secure Labs' latest Mobile Threat Report, Q1 saw Android threat distribution reach outside of apps for the first time, via email spam, the first targeted Android attacks and the first Android advanced fee-fraud scam. Additionally, examples of increased commoditization of Android malware surfaced.

"I'll put it this way: Until now, I haven't worried about my mother with her Android because she's not into apps,” said Sean Sullivan, security advisor at F-Secure Labs, in announcing the report. “Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone."

The Android trojan known as Stels has begun distributing via fake US Internal Revenue Service-themed emails, using an Android crimeware kit to steal sensitive information from the device, and monetizing itself by making calls to premium numbers. This type of mobile malware commoditization "could be a game changer," according to Sullivan.

Read more: http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malware-moves-beyond-apps/

 

[McLovin]

Was just a matter of time before this would of happened.

 

[Jack]

Using spam links to distribute Android malware, will certainly increase the infections rate. However, the question is won't that link just try to install a malicious app, as I'm not aware of any kind of exploit for android? And currently my phone is set to block any app that is not from the Google Play Store, so how can this malicious app get installed? - https://support.google.com/nexus/4/answer/2812853?hl=en

Here are some details about this trojan: http://www.secureworks.com/cyber-threat-intelligence/threats/stels-android-trojan-malware-analysis/
Bogus landing page:

Here are the permissions that the Stels trojan will ask when will try to get installed.

 

[WinAndLinuxTutorials]

And the weird thing is many of us who haven't got an antivirus were not infected by malware on android. This proves that until now preventing malware on android is a matter of common sense...

 

[jamescv7]

Trusted source with valid feedbacks, popular applications and usage quantity.

There is no reason to try unknown products especially same content prgrame type which same from others.