Android applications can be ‘Trojanised’ to turn legitimate apps into mobile malware.
According to Symantec, all an attacker needs to do is find an application to infect and embed freely available code in it, using an Android application package file (APK) tool that contains the necessary resources to rewrite the application.
Mario Ballano Barceno, security response engineer at Symantec, said that as an Android application is self-signed, anyone can build an APK for Android and upload the malicious application to the marketplace.
Once the Geinimi software connects to the command and control centre (C&C), data can be pulled down from the device, giving the attacker information on the mobile device, what operating system it is running and the user's details.
Ballano said any application can be affected and re-uploaded. He said website redirections can be added to the browser to make a user go to a certain site; or, for 'monetisation' purposes, the phone will call or send SMS messages.
“The attacker implements a set of changes and they suggest the changes,” said Ballano.
Orla Cox, senior security operations manager of Symantec security response, told SC Magazine that all applications can be ‘Trojanised’, but repeated targeting of applications would likely draw attention to the attackers.
“Also, if they're using the same malware all of the time, anti-virus vendors can easily handle that. Google is also pretty swift in pulling down known malicious apps from the official market store once it knows about them,” Cox said.
“It's better for the attackers to be stealthier and fly under the radar if they can. It means that their apps are more likely to last on the market.”