Android malware surges while Symbian malware is still growing

When Nokia switched loyalty from Symbian to Windows Mobile, Symbian’s demise became inevitable. It is now in maintenance mode with no further development. Trusted Reviews quotes a message to a developer from Nokia Developer Support: “We have written down your ideas for future development if there is a chance that new features will be released.” Now, with Windows 8, that seems very unlikely: shipment of Symbian phones reportedly fell by 62.9% in Q2 2012, and Symbian accounts for just 4.4% of the global smartphone market.

Despite this, F-Secure found more than 20 new Symbian malware samples during the last quarter. Most of these originate in China, and are either SMS or WAP-enabling trojans. The former “simply sends out SMS messages that silently sign up the device owner for a premium subscription service, incurring charges [on] the user’s account,” says F-Secure. The latter, “such as PlugGamer.A, are capable of acting as scripted bots, silently playing a regular, albeit simple browser-based online game over the WAP service.” The cost is then recovered from the victim via the mobile service operator.

Unsurprisingly, however, it is new Android malware that provides the headlines. Despite Google’s new Bouncer system aimed at reducing the incidence of new malware (Google claims Bouncer has resulted in a 40% drop in malicious apps being offered), F-Secure now detects 51,477 examples of malware. Forty-two new families and new variants of existing families were found in Q3. Most of these are SMS trojans, although there are increasing examples of data-harvesting malware.

F-Secure suggests that the growth in Android malware is simply following the success of the operating system. China, for example, is now the world’s largest smartphone market – and Android accounts for 81% of that market. According to IDC’s latest figures, Android now has 75% of the world smartphone market.

The report highlights two particular malware examples from the last quarter that show the evolution of smartphone malware into more sophisticated and dangerous areas. The first is the discovery of a BlackBerry Zitmo trojan. Zitmo (Zeus in the mobile) intercepts a banking transaction authorization code and silently forwards it to a remote server. The second is FinSpy, a multi-platform surveillance trojan available on Android, iOS, Windows Mobile and Symbian. “FinSpy,” says the report, “can take screenshots of an infected device, record keyboard strokes, intercept Skype communications, track device location, and monitor SMS and call activities on the device.”

It is a trojan version of the commercial FinFisher surveillance application produced by Gamma International Ltd and designed for government customers. It gives “full access to stored information with the ability to take control of target systems' functions to the point of capturing encrypted data and communications,” says the Gamma blurb. The code, however, has leaked into criminal hands, and FinSpy is now the criminals’ version.
