In 2014 our Mobile-Sandbox analyzed over 100,000 Android applications that were submitted by mostly anonymous users, Anti-Virus-Companies and by our own. In the same time we updated our system several times with new features and we modified the backend and the analyzing extensions. These updates unfortunately resulted in some downtimes and a clean database and we are still working to get all the data back in the system and to get everything running again.
Most of these malicious applications had been downloaded from Third-Party markets, but we also found some malware families with samples that had originally been downloaded from Google-Play. When looking at the malicious and unwanted applications and the corresponding families, one can see the following distribution of malicious behavior:
Continue reading “Our Android Malware Summary for the Year 2014”
After nearly a year I found some time today to update the mobile malware overviews for iOS and Android. I hope that I did catch everything that came up in the meantime, if not, please let me know which malware family is missing in the overviews.
Continue reading “Lazy Sunday Updates”
Our MobileSandbox paper from SAC2013 got an update. It has been accepted as an journal article for the upcoming edition of the International Journal of Information Security.
Continue reading “MobileSandbox @ Springer IJIS”
In 2013 our Mobile-Sandbox analyzed over 150,000 Android applications that were submitted by mostly anonymous users, Anti-Virus-Companies and by our own. Within this huge amount of data our system detected a bunch of malicious and unwanted applications belonging to 44 different and newly discovered malware families.
Continue reading “Our Android Malware Summary for the Year 2013”
In 2012 our Mobile-Sandbox analyzed over 300,000 Android applications that were submitted by mostly anonymous users, Anti-Virus-Companies and by our own. Within this huge amount of data our system detected nearly 43,000 malicious and unwanted applications belonging to 115 different malware families.
Most of these malicious applications were downloaded from Asian and Russian Third-Party markets, but we have also found 13 malware families with samples that had been downloaded from the official Google-Play market. When looking at the malicious and unwanted applications and the corresponding families, one can see the following distribution of malicious behavior:
|Families that steal personal information
|Families that send premium rated SMS messages
|Families with characteristics of a Botnet
|Families that contain Root-Exploits
|Families downloaded from the Google-Play Market
|Families that install additional applications
|Families that steal location related data
|Potentially unwanted applications
Looking at this table and the amount of more than 43,000 malicious applications that were submitted to our analysis system, it becomes clear that there is a real threat for bona fide Android users.
More than 50% of all malware families try to steal personal information from the smartphone like IMSI, IMEI and contact entries. Even if this action doesn’t harm the smartphone user directly the information can be sold on the underground market or used for targeted Spam campaigns.
The second most often threat harms the infected user directly: 30 % of all malware families send premium rated SMS messages that cost the user between $1 and $5 for each SMS message and, of course, these applications send more than one SMS message.
Nearly as dangerous as this set of applications are the malware families that come with their own root exploit. If this exploit works properly, the attacker can do nearly everything with the infected device without the knowledge of the smartphone user. This kind of malicious behavior was found in more than 18 % of all malware families.
Within 2012 a huge amount of Banks switched from the common TAN procedure to the mobile TAN (mTAN) for additional security. This trend can also be seen when looking at the malware families. In 2012 we detected 4 different families (3,5 %) that try to intercept and modify this mTAN messages. When the computer and the smartphone of an online banking user is infected with this kind of malware, the attacker can modify each transaction without the knowledge of the infected user.