Virus experts are warning that the next big security threat is on mobile phones and that the attacks have begun in earnest.
For months, security researchers have been tracking how hackers were trying to take their exploits to a new platform and infect smartphones with malware that could remotely control the devices.
Earlier this week, Symantec released a report about the spread of an infected app called “Steamy Windows” on Google’s Android platform. The simple but popular app makes it look like your screen is covered with steam, which can be cleared off with finger swipes.
Unknown hackers created a copycat version of the app, secretly loaded it with malicious commands, and released it to the web on unofficial app download sites.
It’s not the first time such a threat has been detected, said Symantec’s principal security response manager Vikram Thakur, but it’s far more sophisticated — and successful — than what was previously spotted in circulation.
“It definitely had a lot more features than we’ve been seeing with Android threats in the past few months,” said Thakur, noting the malware enabled a hacker to retrieve data from an infected phone, send out premium rate text messages, show advertisements, and launch any website.
The attack could not force the phone to dial out or activate a built-in camera, but it’s probably a matter of time until other viruses can, Thakur said.
“We expect more sophistication,” he said. “It’s definitely a step toward getting more and more comprehensive in their actions but I’m very certain this is not the end of it.”
While the infected Steamy Windows app wasn’t available through the official Android Marketplace, dozens of virus-laden apps somehow managed to get past Google’s screening and were pulled offline Wednesday after being reported by users.
Among the infected apps were “Photo Editor,” “Hot Sexy Videos,” “Chess,” “Falling Ball Dodge,” “Scientific Calculator,” “Advanced Currency Converter,” “Spider Man,” “Music Box,” “Super Stopwatch & Timer” and “Color Blindness Test.”
Thakur said experts were quite surprised that so many infected apps made it past Google and were available for several days before being pulled.
“The fact that Google has vetted them and made them available on Google’s controlled website, it does instil a certain amount of comfort in the user,” he said.
“I was pretty impressed that Google was able to pull the reported apps in less than five minutes (after being alerted) but what remains to be seen is what kind of process improvements they make on their end before they vet any application onto their marketplace, if any at all.”
So far, virus threats have mostly targeted the Android platform. That’s due to a few reasons, Thakur said. Apple’s app vetting protocol is extremely rigorous and sneaking viruses into the App Store would likely be very difficult, he said. And because BlackBerrys are often tied to a corporate IT infrastructure with system administrators watching network traffic, evasion could also be difficult. The use of the Android platform is also growing exponentially, which allows hackers to cast a wide net when trying to infect users, Thakur added.
“For the malware author, the first thing he looks at is ‘Where can I get my money’ and he’s going to follow wherever the honey is. The immense success of the Android platform has kind of lured the malware authors,” he said.
There are a couple of ways for Android users to protect against downloading infected apps, Thakur said. There’s an option in the phone’s settings to only allow installs of Google-approved applications, although if more apps sneak past Google, a phone could still be affected. Thakur also recommends against downloading apps from third-party sites, especially if they promise free versions of popular apps.
If a phone is infected, there are consequences.
“The worst case scenario for the common user is, let’s say, loss of data, whatever is stored on the person’s phone — whether it’s contact information or emails — or a high monthly usage bill. If someone was able to remotely control your phone and start sending premium SMS messages all across the globe then chances are you’re going to be getting a bill you were not expecting.”