Android infections tripled in 2012, "Bill Shocker" costliest mobile malware ever

By on April 15, 2013, 6:00 PM

Android has become an increasingly popular target for malware authors, a recent report (pdf) by NQ Mobile indicates. The security firm claims that it discovered over 65,000 types of malware -- more than double the amount from 2011 -- and bills Android as the number one mobile platform targeted by malware attacks. 

Forms of social engineering (i.e. phishing) remain a favored way to attack Android owners for profit. Smishing, a SMS-based phishing technique, is one such tactic popular in the mobile world. Meanwhile, repackaged apps from third-party app stores and malicious websites were also common vectors of infection exploited by malware authors.

While the number of infected packages effectively doubled, the quantity of infected Android devices tripled between 2011 and 2012 from 24,794 to 65,227. In 2009, that number was only 1,649.

The most noteworthy Android-based badware was "Bill Shocker", a prolific mobile malware which NQ Mobile labeled as the most infectious and costly in history. Largely only an issue in China, the aptly named Bill Shocker would take control of an Android smartphone and silently send texts from the device to premium rate numbers. Premium SMS messages are billed to the owner's account without their explicit consent -- this is also known as toll fraud.

Other honorable mentions include VDloader, DDSpy, DyPusher and FireLeaker -- each with their own distinct attack vectors and payloads.

Although most malware is ostensibly incentivized by financial motives, as many as 7 percent of payload-carrying packages were designed to brick a user's smartphone. Meanwhile, 28 percent were designed to collect information for profit while 65 percent fell into the often less-hazardous category of PUP (a potentially unwanted program).




User Comments: 16

Got something to say? Post a comment
Darth Shiv Darth Shiv said:

Hmm have to do some looking into these attack vectors...

1 person liked this | hahahanoobs hahahanoobs said:

This just goes to show that no desktop or mobile OS is safe. Thankfully most (or all) of these infections/exploits/scams can be thwarted with common sense.

Trillionsin Trillionsin said:

Hmm have to do some looking into these attack vectors...

mmmmm'reallly you dont say now

St1ckM4n St1ckM4n said:

These are pretty bad numbers, but on the whole I think that a few factors have made this increase so high:

- The age at which people obtain smartphones is dropping - naivety and n00bness with technology.

- Apple jailbreaking is becoming more mainstream.

- Android equivalent for n00bs is very easy - enable 3rd party apps, pirate the apps.

- Piracy is more mainstream.

Darth Shiv Darth Shiv said:

Hmm have to do some looking into these attack vectors...

All seem to require user initiated app installation from untrusted sources.

This just goes to show that no desktop or mobile OS is safe. Thankfully most (or all) of these infections/exploits/scams can be thwarted with common sense.

Fortunately it seems that way so far...

LinkedKube LinkedKube, TechSpot Project Baby, said:

These are pretty bad numbers, but on the whole I think that a few factors have made this increase so high:

- The age at which people obtain smartphones is dropping - naivety and n00bness with technology.

- Apple jailbreaking is becoming more mainstream.

- Android equivalent for n00bs is very easy - enable 3rd party apps, pirate the apps.

- Piracy is more mainstream.

A very small percentage of android and even iphone users

jailbreak or root their phones. Your assumption that the android equivalent of a jailbroken iphone(which is "rooted" btw) is associated with noobness lets us know that you are far off on the knowledge that you think you know about these devices. You show me 10 things you can do with a jailbroken Iphone. I'll show you those 10 things and 40 more for an android device.

I will say that your statement above can apply to those "one click" root tools, but for the most part those options are limited to Froyo based Android devices or older. I jailbroke an iphone once. Mostly the same process .

St1ckM4n St1ckM4n said:

A very small percentage of android and even iphone users

jailbreak or root their phones. Your assumption that the android equivalent of a jailbroken iphone(which is "rooted" btw) is associated with noobness lets us know that you are far off on the knowledge that you think you know about these devices. You show me 10 things you can do with a jailbroken Iphone. I'll show you those 10 things and 40 more for an android device.

I will say that your statement above can apply to those "one click" root tools, but for the most part those options are limited to Froyo based Android devices or older. I jailbroke an iphone once. Mostly the same process .

My post was dumbed down. :P I do know about Android rooting quite a bit. I have a number of devices that are rooted with custom ROMS myself.

I was trying to make a link between the 'free' apps on jailbroken iPhones to 'free' apps on Android.

PinothyJ said:

Why would anyone bother with third party program marketplaces? The most expensive program on Play is what, $20?

Sure is worth the 'bill shock'...

Guest said:

Major misnomer here.. since you've bought nothing, then there is nothing for software to molest.

Android is free... you do not pay for it, therefore, whatever malice is done to your hardware is moot. Because you didn't pay for the free Android... then any amount of malice is the buyer fault, for not protecting themselves upon purchase.

It can only be malicious, if it harms something that is YOURS. You own your phone, but not the software on your phone.. that is still Google's.

Big difference from an OS you purchase and install...

1 person liked this | Tygerstrike said:

Most consumers do not realize that you have to take the same precautions with a smartphone as you would with your home PC. I mean they are completly ignorant.I have to troubleshoot phones at work and I can tell you two things from my own experience. 1. The Facebook app is a phone killer. 2. Most ppl with a smartphone do not realize that apps can affect the way your phone works. I mean they are really that ignorant of the dangers out there. When I attempt to educate them on the dangers of malware, I get ignored. They dont want to hear that the phone that they have been useing like a mad person is infected. They dont want to take responsability for the apps they download. For some reason they think that smartphones are invulnerable.

Great part is, I tell these ppl and they ignore me. When they come back into my store with the same problem again. I get the JOY of fixing their problem and educating them again.

slh28 slh28, TechSpot Paladin, said:

You show me 10 things you can do with a jailbroken Iphone. I'll show you those 10 things and 40 more for an android device.

Still haven't found an Android equivalent of Activator. On an iphone I used to use the volume up/down buttons as next/previous track when music is playing.

St1ckM4n St1ckM4n said:

Still haven't found an Android equivalent of Activator. On an iphone I used to use the volume up/down buttons as next/previous track when music is playing.

You realise that has been available for years?

Guest said:

This just goes to show that no desktop or mobile OS is safe. Thankfully most (or all) of these infections/exploits/scams can be thwarted with common sense.

Fortunately it seems that way so far...

Unfortunately, there are those in the Linux community who subscribed to this delusional belief that Linux is immune to malware and you don't need common sense to secure your OS.

slh28 slh28, TechSpot Paladin, said:

You realise that has been available for years?

Enlighten me...

St1ckM4n St1ckM4n said:

Enlighten me...

Ok, no problem. I've had the feature on the old Gingerbread 2.3.3.

It's Android, you can do what you want.

Trillionsin Trillionsin said:

Ok, no problem. I've had the feature on the old Gingerbread 2.3.3.

It's Android, you can do what you want.

Well, where's a Staples Big Red button when you need it?!?!

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.