Joining the botnet
Until recently, most fake software attacks we’ve seen on Android have been relatively unsophisticated. For example, some use primitive polymorphic methods that involve randomizing images, thereby changing checksums to avoid detection. Leading security companies learned how to defeat this tactic many years ago.
But the attackers are making headway. For example, consider the malware-infected editions of Angry Birds Space we saw in April 2012 (Andr/KongFu-L). Again, available only through unofficial Android app markets, these Trojans play like the real game. But they also use a software trick known as the GingerBreak exploit to gain root access, install malicious code, and communicate with a remote website to download and install additional malware. This allows these Trojans to avoid detection and removal, while recruiting the device into a global botnet.