
Android Malware Injected through Repackaging of Apps

I don’t see it, therefore it doesn’t exist. That’s the kind of philosophy we humans tend to adhere to.

Defying that comfortable logic, security researchers from North Carolina State University have warned about an audacious campaign: popular apps are being repackaged with malicious code and redistributed under the same names.

To show that this is not mere hypothesis, the researchers analysed more than 1,200 Android malware samples (1,260 samples spanning 49 families, collected between August 2010 and October 2011) and distilled some bitter truths about Android malware.

Of these samples, 86.0% were repackaged versions of legitimate apps: the attackers take a popular app, inject malicious code (very often a bot client that takes commands from a remote server, the infamous ‘Android botnets’), re-sign the package with their own key and redistribute it. These repackaged apps were distributed not only through third-party markets and file-sharing channels but also through the official Google Play Store (then still called Android Market).

“The challenges lie in the large volume of new apps created on a daily basis as well as the accuracy needed for repackaging detection,” said Yajin Zhou and Xuxian Jiang, the pair behind the Android Malware Genome Project.

They added: “Our characterization of existing Android malware and an evolutionary study of representative apps quite apparently expose a serious threat we face today. Dolefully, existing popular mobile security software is still not adept enough to detect such repackaged apps. Hence, it becomes imperative to explore possible solutions that could make a difference.”

Interestingly, the researchers found that 36.7% of the malware samples exploit platform-level vulnerabilities (root exploits) to gain root access, in other words far more than the permissions the user ever granted them.

This exposes, yet again, the security weakness of the Android ecosystem. Fragmentation (many OS versions and device builds, each patched at its own pace), weak vetting of app markets and poor on-device security measures have made Android devices soft targets for attackers.

Rhetorically speaking, why are there no iOS botnets running? Though Apple is criticised for cracking the whip on developers worldwide in the name of security and compatibility, that seemingly imprudent trade-off has actually paid off. Google has failed to maintain the same security discipline. (Steve Jobs would be rolling in his grave with happiness, perhaps!)

The road to fixing this will be quite bumpy, mainly because of Android fragmentation: every device model ships its own build, so the turnaround window is large and each device has to be healed separately by its manufacturer and carrier. Moreover, the researchers note that even the latest versions of Android lack some standard security measures. For instance, apart from Address Space Layout Randomization (ASLR), which arrived in Android 4.0, features such as TrustZone-based isolation and eXecute-Never (non-executable memory pages) still sit in a ‘never-ending’ queue.

The analysis also showed how the dynamic loading capabilities for both native code and Dalvik bytecode are being abused by Android malware: the real payload is fetched or unpacked at run time, so a static scan of the package as distributed sees very little. Over 45% of the samples (45.3%) subscribe to premium-rate services by sending SMS messages in the background, inflating your monthly bill and funnelling the money straight to the criminals.
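As an added example (not code from the researchers or from the article), the script below shows the two triage steps the findings above suggest: diff a suspect APK against the known-good original to spot re-signing and injected entries, then scan the added or modified code for the behaviours the study highlights (dynamic code loading, premium SMS, root shell use). An APK is a ZIP archive, and a DEX string table stores class and method names in plain (M)UTF-8, so a byte search is a legitimate first-pass indicator. The two archives, their entry names and the indicator strings are constructed for this example; no real app is involved.

```python
"""Triage a suspected repackaged APK against the original (added example)."""
import hashlib
import io
import zipfile

# Behavioural indicators associated with the malware families in the study.
# Matched on raw bytes: DEX string tables hold names in plain (M)UTF-8.
INDICATORS = {
    b"Ldalvik/system/DexClassLoader;": "dynamic loading of Dalvik code",
    b"loadLibrary": "loading of native code",
    b"sendTextMessage": "SMS sending (premium-rate abuse)",
    b"/system/bin/su": "root shell use after a privilege escalation",
}


def build_apk(entries):
    """Build an in-memory ZIP in APK layout from {name: bytes}.
    Constructed test data; real APKs carry binary XML and a real DEX."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def entry_digests(apk_bytes):
    """Map each content entry (META-INF excluded) to the SHA-256 of its data."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and not info.filename.startswith("META-INF/"):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def signer_fingerprint(apk_bytes):
    """Fingerprint of the v1 (JAR) signature blocks under META-INF/.
    A repackager cannot reproduce the developer's signature, so this changes
    on every repackage. Newer v2/v3 signatures live in the APK Signing Block
    and need a dedicated parser (e.g. apksigner); they are not handled here."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = sorted(n for n in zf.namelist() if n.startswith("META-INF/")
                       and n.upper().endswith((".RSA", ".DSA", ".EC")))
        h = hashlib.sha256()
        for n in names:
            h.update(zf.read(n))
    return h.hexdigest() if names else None


def scan_indicators(data):
    """Return the indicator descriptions whose byte pattern occurs in data."""
    return [desc for pat, desc in INDICATORS.items() if pat in data]


def triage(original, suspect):
    """Diff suspect against original and scan added/modified code entries."""
    orig, sus = entry_digests(original), entry_digests(suspect)
    added = sorted(set(sus) - set(orig))
    removed = sorted(set(orig) - set(sus))
    modified = sorted(n for n in set(orig) & set(sus) if orig[n] != sus[n])
    findings = {}
    with zipfile.ZipFile(io.BytesIO(suspect)) as zf:
        for name in added + modified:
            if name.endswith((".dex", ".so")):  # code only; manifest is binary XML
                hits = scan_indicators(zf.read(name))
                if hits:
                    findings[name] = hits
    return {"resigned": signer_fingerprint(original) != signer_fingerprint(suspect),
            "added": added, "removed": removed, "modified": modified,
            "indicators": findings}


# Constructed samples (not real apps): DEX magic plus string-table-like names.
GOOD_DEX = b"dex\n035\x00Lcom/example/puzzle/MainActivity;\x00onCreate\x00"
COMMON = {"res/drawable/icon.png": b"\x89PNG...",
          "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
          "META-INF/CERT.SF": b"Signature-Version: 1.0\n"}
ORIGINAL_APK = build_apk({**COMMON,
    "AndroidManifest.xml": b"<manifest package='com.example.puzzle'/>",
    "classes.dex": GOOD_DEX,
    "META-INF/CERT.RSA": b"<developer signature block>"})
REPACKAGED_APK = build_apk({**COMMON,
    "AndroidManifest.xml": b"<manifest package='com.example.puzzle'/><!--SEND_SMS-->",
    "classes.dex": GOOD_DEX + b"Ldalvik/system/DexClassLoader;\x00"
                   b"sendTextMessage\x00loadLibrary\x00",
    "lib/armeabi/libpayload.so": b"\x7fELF/system/bin/su\x00",
    "META-INF/CERT.RSA": b"<attacker signature block>"})

if __name__ == "__main__":
    import json
    print(json.dumps(triage(ORIGINAL_APK, REPACKAGED_APK), indent=2))
```

A byte search only finds what the attacker left in plain sight; reflection, string encryption or a payload downloaded at run time (exactly the dynamic loading the study describes) will hide these names, which is why the re-signing check and the entry diff against a trusted copy are the more reliable signals. For real packages, verify the certificate with `apksigner verify --print-certs` rather than hashing META-INF.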

The researchers have recommended a more robust, fine-grained Android permission model, one that carries additional context information and unambiguously informs the user about the likely intentions of the app.
We do not know if Google will hear that anytime soon. Even if it does, the fix would mark the genesis of yet another dessert-named Android release that reaches only a handful of handsets, iterating the problem all over again.
What’s the terminating condition for this loop? Any guesses?