NEWS FROM THE LAB - Friday, May 18, 2012

Video: Angry Birds Space Trojan & Drive-by Android Posted by Sean @ 14:19 GMT

On Monday, we released our Mobile Threat Report for Q1, and in that report we mention there's a growing number of mobile trojans that "deliver on their promises". What do we mean by that?

Well, in the past, mobile malware often offered something such as "free" mobile web services as bait, but then, during installation, the trojan would display some kind of decoy error message.

At that point the folks installing the trojan would typically search for answers, either because they were suspicious or because they were troubleshooting. That would then lead to actual answers on forums that what they had in fact installed was a trojan. These days, when even non-nerds have smartphones, the bait is quite a bit different.

No decoy messages. The "bait" actually works.

Here's a video of trojan installing a working copy of Rovio's Angry Birds Space as it compromises the phone.

Video: Trojanized Angry Birds Space.

So, nothing to troubleshoot… and how many non-nerds do you think will find getting what they were promised to be suspicious? It's quite possible that somebody could compromise their phone and they'll never come to realize it.

Android malware is definitely evolving.

Here's a short preview of something which developed during Q2: drive-by Android malware.

Video: Drive-by Android Malware.