Symantec warns of mutating malware in Android Market

by Phil Hornshaw

The world of mobile device malware is getting a little more dangerous with the announcement from tech security company Symantec that it has discovered malware programs that mutate every time they’re downloaded.

As PCWorld reports, Symantec says it has identified a new breed of the programs known as “Trojans” in the Android Market. The malware relies on a technique called “server-side polymorphism,” in which its code is altered with each new download in order to get past malware scanning programs like the ones Symantec creates. This isn’t really a new technique in the world of malware – Trojans like these have existed in the desktop world for quite a while – but it’s a new danger that Android users haven’t yet encountered.

As PCWorld explains:

“A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.”

So far, Symantec has found several variants of a Trojan program it identifies as Android.Opfake, and all of them have originated from Russian websites. Downloading the program inadvertently can immediately infect other Android users, however, as the malware sends out SMS messages to other users from several European countries.

The good news, according to Symantec, is that contracting the Android.Opfake malware is tough. In fact, Android isn’t seeing too much in the way of polymorphic malware yet because most Android users use official methods of downloading software, like the Android Market. Because of the way Google has set up its market and its apps, malware like Android.Opfake is stopped at the door, its particular method of distribution blocked.

But that doesn’t mean users should let their guard down. Malware is increasing on smartphones as they become more powerful and more viable as a means for malware writers to make money. Android’s openness makes it particularly vulnerable, and on more than one occasion, Google has pulled apps from its Android Market that it discovered contained adware, spyware or other malicious software.

In terms of malware, polymorphic programs like Android.Opfake are particularly dangerous because they’re more difficult for security software to detect. Opfake itself isn’t particularly complex, Symantec said, but it’s a good example of why smartphone users need to start thinking about the things they download and install security software on their smartphones. As smartphones grow more powerful and users become more comfortable with them, they become more vulnerable to malicious programs. Even low-level security software protection is better than nothing.
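
An added example, not taken from the article or from Symantec: it shows why an exact whole-file hash blocklist misses server-side polymorphic downloads, while content that stays the same across downloads can still be matched. The package contents, entry names and the choice of which part varies are constructed assumptions, not Android.Opfake's actual structure.

```python
import hashlib
import io
import zipfile


def build_package(entries):
    """Build an in-memory ZIP (the container format APKs use) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def file_hash(package):
    """Whole-file SHA-256, the kind of value an exact-match blocklist stores."""
    return hashlib.sha256(package).hexdigest()


def entry_hashes(package):
    """SHA-256 of each entry's uncompressed content, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def shared_entries(known, candidate):
    """Names of entries whose content is byte-identical in both packages."""
    a, b = entry_hashes(known), entry_hashes(candidate)
    return sorted(n for n in a if b.get(n) == a[n])


# Constructed sample data (assumption): the code entry is the same in every
# download and only one data entry is altered by the distribution server.
CODE = b"constructed stand-in for the unchanged program code"
variant_a = build_package({"classes.dex": CODE, "res/raw/data.bin": b"download-0001"})
variant_b = build_package({"classes.dex": CODE, "res/raw/data.bin": b"download-0002"})
unrelated = build_package({"classes.dex": b"different app", "res/raw/data.bin": b"x"})

if __name__ == "__main__":
    print("whole-file match:", file_hash(variant_a) == file_hash(variant_b))
    print("shared entries:  ", shared_entries(variant_a, variant_b))
    print("unrelated app:   ", shared_entries(variant_a, unrelated))
```

If the distribution server also rewrites the code entry, per-entry hashes stop matching as well, so this check only helps while some component is left unchanged between downloads.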