The Rising Tide of Android Malware

The explosive growth of mobile endpoints in the workplace has caused concern for IT teams since day one. After all, mobile devices are easily lost or stolen, and it’s difficult to keep employees from logging into unsecure networks once they’re off your campus.

However, another underlying threat to mobile security has begun to surface, giving security teams one more reason to be on guard.

The 2016 Dell Security Annual Threat Report revealed that cyber-thieves are creating an increasing volume of malware for mobile devices that run on the Android operating system. As the mobile market matures, thieves are discovering new ways to exploit this captive audience of mobile users. One reason Android might be seeing an increase in malware is because Android-device manufacturers do not always provide regular operating system updates, averaging only 1.26 security updates per year, according to a recent University of Cambridge paper titled “Security Metrics for the Android Ecosystem.”

As we know, hackers spread malware for a number of reasons, but most often the motives are financial. A list of the top malware packages (below) reveals that some of the largest names in banking were leveraged by criminals last year to add credibility to their offers, creating enticing and dangerous traps. This sophisticated malware tricked victims into providing sensitive financial details, or was deployed to mine for this information itself.

While the quickly eradicated Stagefright operating system bug and other Android vulnerabilities put the general population of Android users at risk, the bulk of Android malware last year targeted the financial sector in particular.

According to Dell’s Threat Report, malicious Android campaigns designed to steal credit card and banking-related information from infected devices were most prevalent, often even leveraging the official Google Play Store to trick victims into entering their credit card information. Other malicious Android packages (APKs) monitored certain hardcoded financial apps on users’ phones to steal login credentials.

Attackers could also use these malicious apps to break into employees’ phones by leveraging SMS text messages in order to steal device-related data. While Google has added a feature that warns users of multiple outgoing messages to thwart threats like these, it comes at the cost of user experience as even legitimate operations are sometimes flagged as suspicious. Other attacks didn’t gather financial data covertly, but rather demanded it outright through ransomware.

To reduce the threat of mobile malware infection, the October 2015 release of the Android 6.0 Marshmallow operating system included a slew of new security features that should help to stave off financially-motivated malware attacks in the near term. Of course, as security strategies evolve, so do attackers’ methods, making it likely we’ll see Android malware variants continue to grow throughout 2016 and beyond.

Every company is only as secure as its endpoints, and malware attacks like these can become a major corporate problem when victims bring their device into the workplace and connect with the enterprise network. And as corporate mobility grows, it’s reasonable to predict that we’ll see more attackers leveraging insecure endpoints to gain access into sensitive company data.

There are a few precautions companies can take to prevent the acquisition and spreading of Android malware among their employees:

  1. Look for mobile security solutions that enable you to control access and authorization to corporate resources from managed or personal devices by checking the user identity and security profile of the endpoint. Ideally, it should also allow you to restrict VPN access to a set of trusted mobile apps allowed by the administrator in order to prevent unauthorized apps from accessing VPN resources.
  2. Seek a mobile security solution that can easily integrate with your other security infrastructure as part of a defense-in-depth program. For example, it’s helpful if your mobile analytics engine, secure mobile access appliance and next-generation firewall or IPS work together to identify unusual access activities, step up authentication to verify identities and inspect both wired and wireless traffic to detect and prevent potential threats and command and control communication.
  3. Enterprise endpoint protection can provide an extra layer of defense that can be effective at recognizing and stopping Android malware.
  4. Have clear policies in place for corporate- and employee-owned devices, which should include mandates to only install applications from the Google Play Store, keep all default system security settings in place, disallow suspicious permission requests from apps, avoid rooting the device, and keep the operating system up to date. Ideally, employees should also be required to install AV and other mobile security apps and enable the ability to remote wipe their devices.
  5. Update all company-owned devices as soon as new versions of their apps or operating systems become available, and ensure employees are updating their personal devices as well.

Whether your company has been targeted or not, you can stem the rising tide of Android malware by helping your employees stay informed on the dangers of malware and how to avoid becoming a victim. Because, ultimately, the best endpoint protection is a well-informed employee.

What’s Hot on Infosecurity Magazine?