Malicious apps can disable Android OS antivirus software

Android developers have another challenge on their hands. Privateer Labs has reported that a certain component in the Android operating system can be exploited by malware to subvert antivirus software, rendering antivirus scans on an Android device ineffective. Malware can even corrupt the antivirus software and use it as a malicious application. Riley Hassell, the founder of the security firm Privateer Labs, declined to identify the vulnerable component of the Android operating system, as he is addressing it with Google.

While Android mobile apps have grown tremendously in scope and depth, they have also attracted their fair share of threats. Android overtook Symbian as the mobile operating system most attacked by malware in the second quarter, McAfee reported. Hassell indicated that the recent security vulnerability is “definitely an Android issue.” Software in the Android market is not pre-vetted by the market, so users can end up with malicious apps posing as genuine ones.

“App phishing” is another strategy used by cybercriminals: users are tricked into downloading and installing an app that looks genuine but actually contains a Trojan horse, which alerts the developer when the user activates the app. In the case of a banking app, the developer can hijack the session by presenting a fake authentication screen that steals the login details, leading to the loss of personal and financial data. Zitmo Trojan malware, also known as ZeuS, poses as a legitimate bank activation app, accepting incoming SMS messages and forwarding them to a remote web server. One-time access codes that banks send to users via SMS for two-factor authentication can be stolen by Zitmo-like apps.

Hassell opined that this is a “difficult problem to solve” and explained that the Android development community as a whole needs to solve it. Determining who will police the integrity of Android apps is a challenge in itself. Chris Wysopal of Veracode, an application security provider, has called for Android mobile apps to be scanned for malware before they appear on the market; a signature-based malware scan could be applied. Google has already removed malicious apps from the market twice this year, once in March when it removed more than 50 malicious apps and again in June when it removed two dozen. This high attrition can slow down the growth of Android mobile apps.

In contrast to the closed development ecosystem of Apple OS, Google has followed an open architecture model, where anyone can develop an Android app and bring it to market. Local and foreign Android development has taken off in a big way, resulting in a multitude of half-baked and incomplete apps. Some Android users download apps from unauthorized online stores, which pose a threat to Android’s open source development architecture.

An Android mobile app user can mitigate the risk of being attacked by malware by:

  • Downloading apps only from trusted sources and from developers who are known by name and qualified
  • Checking the permissions the app is requesting and comparing them to its stated purpose
  • Staying alert for any unusual behavior of the phone, such as unknown applications being installed, SMS messages being sent to unknown recipients, or phone calls being made automatically
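The permission check advised above can be automated. The following Python sketch is an added example, not code from Privateer Labs or any vendor named in the article: it parses permission lines in the style printed by `aapt dump permissions` and flags requests that the stated purpose does not explain, including the SMS-plus-network pairing that Zitmo-like forwarding requires. The sample dump, the package name and the purpose-to-permission table are constructed assumptions.

```python
import re

# Constructed sample in the style of `aapt dump permissions <apk>` output;
# the package name is hypothetical.
SAMPLE_DUMP = """\
package: com.example.bankactivation
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: android.permission.SEND_SMS
"""

# Assumption: what each stated purpose plausibly needs. Adjust to your own policy.
EXPECTED = {
    "banking": {"INTERNET", "ACCESS_NETWORK_STATE"},
    "sms-messenger": {"INTERNET", "RECEIVE_SMS", "SEND_SMS", "READ_SMS", "READ_CONTACTS"},
}

# Permissions that map to the unusual behaviours the article lists.
SENSITIVE = {
    "RECEIVE_SMS": "can read incoming SMS, including one-time bank codes",
    "SEND_SMS": "can send SMS to arbitrary recipients",
    "CALL_PHONE": "can place calls without user action",
    "INSTALL_PACKAGES": "can install other applications",
}

# Accept both the quoted (name='...') and the bare form of the line.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?android\.permission\.([A-Z_]+)", re.M)


def parse_permissions(dump: str) -> set[str]:
    return set(PERM_RE.findall(dump))


def audit(dump: str, stated_purpose: str) -> list[tuple[str, str]]:
    """Return (permission, reason) pairs that the stated purpose does not explain."""
    requested = parse_permissions(dump)
    unexpected = requested - EXPECTED.get(stated_purpose, set())
    findings = [(p, SENSITIVE.get(p, "not needed for stated purpose")) for p in sorted(unexpected)]
    # The SMS-forwarding pattern described for Zitmo needs both of these together.
    if {"RECEIVE_SMS", "INTERNET"} <= requested and stated_purpose != "sms-messenger":
        findings.append(("RECEIVE_SMS+INTERNET", "can forward incoming SMS to a remote server"))
    return findings


if __name__ == "__main__":
    for perm, reason in audit(SAMPLE_DUMP, "banking"):
        print(f"{perm}: {reason}")
```

A finding is a prompt to look closer, not proof of malice: legitimate apps sometimes request more than they need.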
