The best defense at the moment is a security app, a cautious approach to downloads, and a close eye on your bank and credit card statements.
Most of us do whatever we can to avoid coming into contact with malware. Andrew Brandt spends his workdays attracting the stuff.
Andrew Brandt, a Blue Coat Systems Director of Threat Research, uses a “honey pot” Internet server intended to catch malware purveyors in the act.
Brandt described a recent encounter he had with a malicious app that found its way onto his Android phone. “I had downloaded an unrelated app a few hours earlier. [Out of nowhere], I get a text message on the phone thanking me for subscribing [to a $4-a-month service].” The malware had managed to sign Brandt up for the subscription from his phone without requiring any permissions.
“If it hadn’t been for that message, I would have had no notice of the unauthorized charge until I saw it on my credit card bill,” Brandt explained.
This highlights two of the things phone users need to do to protect themselves: keep a close watch on their bank and credit card statements, and respond right away to challenge illegitimate charges.
Without a security app, your phone is exposed
“BYOD [Bring Your Own Device] makes it nearly impossible for IT to prevent their networks from being exposed,” he explains.
According to security firm RiskIQ’s recent study, the number of malicious apps on the Google Play store increased by 388 percent from 2011 to 2013. Meanwhile, the percentage of malware apps removed by Google each year went from 60 percent in 2011 to just 23 percent in 2013. The percentage of malware apps on the Google Play store jumped from 3 percent in 2011 to 9 percent in 2012, and to almost 13 percent in 2013, according to RiskIQ’s research.
The Norton Mobile Security support page lists the nefarious activities an Android malware app may attempt. It may collect your call and text logs, contacts, account info, and SIM card details. It could place ads in the notification bar and SMS inbox, or change your browser home page. Some malware apps play audio ads when you call a number in your contact list, according to Norton.
Installing a security app on your phone is just the first step. Sometimes your own actions can override the protections of the device’s antimalware program.
Blue Coat’s Brandt repeatedly circled back to the importance of phone users being cautious when downloading apps. Wired UK’s Dan Goodin explains how the Android-Trojan.Koler.A malware tricks visitors to a porn site into thinking they’re downloading a video player. In fact, they’re downloading a program that will lock them out of their phone until they pay a ransom.
A more pernicious piece of Windows-based ransomware called CryptoLocker now threatens Android phones. CryptoLocker uses social-engineering techniques similar to those relied on by Android-Trojan.Koler.A. Once the malware is installed, it encrypts all the files on the phone, as Dennis Fisher reports on ThreatPost.