Mobile Computing - New Android Botnet Trojan emerges

Improved mobile computing security will most likely be a focal point for 2011.  The ISC highlights a new Trojan that is installed from an infected game or application.  There are some prompts that may be prevent access to the Android O/S. When installing any mobile or PC application, every prompt should be reviewed carefully and users should exit out if security could be potentially compromised.

Android malware enters 2011
http://isc.sans.edu/diary.html?storyid=10186

QUOTE: One thing a lot of security researchers have been predicting for years is rise in mobile malware. However, due to mobile phones with low power, a lot of operating systems, closed environments and many other reasons we haven’t seen any significant mobile malware until this year.

And just in time for 2011 a new trojan for Android has been found by a company called Lookout. While Android trojans have been very popular, this one was pretty advanced and that is why it caught everyone’s attention. The most important characteristic of this trojan is that it has botnet capabilities. This means that the trojan connects to a C&C server in order to retrieve commands and enables an attacker in effectively controlling the infected phone.

So how does the trojan gets installed in the first place? The attackers managed to infect some Android games which are hosted on various sites. The user simply goes to install such a game and gets infected. However, keep in mind that the installer will warn the user that the application wants to access sensitive parts of the phone as well as capabilities to send SMS messages, make phone calls etc.

That being said, we know that most users will just click on yes  (remember UAC on Vista?) – and I’m afraid that statistics for users blindly clicking on yes is even worse on mobile phones since there are many more users and security awareness is much, much lower.