In September 2011 alone, the number of newly discovered malware for Android-based devices increased by more than 30 per cent. Running parallel to this is another clearly visible trend in mobile malware: more and more, often malicious mobile apps, are targeting users personal data. And in October 2011 the share of particularly Android malicious apps trying to steal personal data went up to 34 per cent. This trend is of course alarming, especially if we take into account that such malicious mobile programs sometimes show up on Android Market.
An example of a malicious app distributed through the official store is Trojan-Spy.AndroidOS.Antammi.b. This program, masquerading as a simple app for downloading ringtones, appeared on Android Market only to be removed after notification from Kaspersky Lab. The cover program is designed for users in Russia, who use it to send text messages to a paid service to receive back desired tunes. This activity is perfectly legitimate; however, the malicious payload activity is simultaneously going on in the background. Like traditional desktop malware, Antammi.b steals almost everything: contacts, texts, GPS coordinates and even photos. The activity log is then sent to the criminal behind the scam via a simple e-mail message, and the data is uploaded to a server.
The unrequited love-story being played out by the cybercriminal world and the Android platform is not surprising – due to the platforms leading market share, flexibility and openness, yet at the same time lax control over its software distribution. The result is a share of Android-based malicious programs among all mobile malware currently being higher than 46 per cent, and growing rapidly. More worrying is the fact that, apart from stealing personal data, sending texts, and making calls to premium numbers, mobile malware is also targeting banking services, which often send one-time passwords and confirmation codes to mobile phones.