Malware aimed at Android users grows more sophisticated by the day. Recent discoveries include malware that can bug your handset and even dial premium numbers from it.
All a malware author needs is a good enough vulnerability to sneak through. Once malware exploits such a vulnerability, it gets onto the handset and can execute malicious code, steal information and perform many other tasks as directed by its command-and-control server.
Widdit, a well-known and widely used software framework among Android app developers, can put Android users at risk. Researchers say that Widdit requests a whole host of Android permissions which could then be used to load malware onto a handset.
Bitdefender researchers Vlad Bordianu and Tiberius Axinte, who discovered Widdit’s strange behavior, had this to say: “These permissions are not necessarily used by the SDK [software development kit], but requesting them ensures that anything introduced later in the SDK will work out of the box. Among the weirdest permissions we saw are permissions to disable the lock screen, to record audio, or to read browsing history and bookmarks.”
Moreover, when Widdit downloads application updates, it relies on an unencrypted HTTP channel. This is an open invitation to attackers, who can launch a man-in-the-middle attack on such downloads, inject their own malicious software and have it downloaded to the device.
MouaBad.p is the name given to an entire family of malware with a fairly sophisticated way of working. Malware in this family gets onto a user’s device using any available exploit. Once installed on the handset, it starts dialling premium numbers on its own, without any interaction from the user. In fact, the malware becomes active some time after the phone’s display has been turned off, ensuring that the user doesn’t find out.
And as soon as the user unlocks the device, the malware ends the call and goes dormant again. This is very sophisticated behavior for Android malware and shows that malware authors are getting cleverer in their creations. Google has been relentlessly deleting possibly malicious apps from its Play store, but given the sheer size of the Android market, as well as the fact that there are unofficial Android apps out there, the company can do only so much damage control.