Evolution of Android Malware: Exposing Threats Over The Years

Over the past few decades, we’ve seen an incredible evolution in the world of technology, particularly in the mobile industry. Android, in particular, has become one of the most popular operating systems in the world, powering billions of smartphones and tablets.

Unfortunately, this growth in the installed base of Android devices also made them a worthwhile target, which in turn drove the development and deployment of malware designed to attack them. As Android has evolved, so too have the tactics and techniques of those who seek to exploit it.

This article walks through the evolution of Android malware and how it has adapted to target these devices.

So, let’s get started!

Exposing Evolving Android Malware

1. Cabir

Cabir was an early example of mobile malware and showed that mobile devices were vulnerable to malicious attacks. It targeted Nokia Series 60 phones running the Symbian operating system and was discovered by Kaspersky Lab in 2004.

It was not Android malware, as the Android operating system had not yet been released at the time. Cabir spread through Bluetooth connections and displayed the message “Caribe” (which is the Spanish spelling for “Caribbean”) on the infected device. It was not considered particularly harmful, as it did no major damage to the infected device.

2. CommWarrior

CommWarrior was a mobile phone worm that first appeared in 2005 and targeted phones running the Symbian operating system. It was one of the first mobile phone worms to spread via both Bluetooth and MMS (multimedia messaging service).

CommWarrior could spread to nearby phones through Bluetooth connections and send infected MMS messages to contacts in the phone’s address book.

Once a phone was infected, the worm would send SMS messages to premium rate numbers, resulting in high phone bills for the victim. It would also cause the phone to slow down or crash.

3. RedBrowser

RedBrowser was a mobile phone Trojan that first appeared in 2006 and targeted phones running the Java 2 Micro Edition (J2ME) platform, a widely used platform for mobile applications at the time.

It was disguised as a free version of a legitimate browser application and was distributed through spam SMS messages. Once installed, the Trojan would silently send premium-rate SMS messages without the user’s knowledge, resulting in high phone bills for the victim.

4. FlexiSPY

FlexiSPY is a commercial spyware application, first released in 2007, that targeted mobile devices running various operating systems, including Symbian, BlackBerry, and Windows Mobile.

FlexiSPY is marketed as a tool for monitoring mobile devices for parental control or employee monitoring purposes. However, it has been known to be used for illegal surveillance and spying on individuals without their knowledge or consent.

Its capabilities included intercepting and recording phone calls, tracking GPS locations, and accessing text messages and other data on the target device, all of which can be considered invasive and illegal in many cases.

5. Zitmo

Zitmo is a type of Android malware that was first discovered in 2010. It is a variant of the Zeus banking Trojan, a family of malware designed to steal banking credentials and other sensitive information from infected devices.

It targets mobile devices running the Android operating system and typically spreads through phishing scams or malicious apps downloaded from untrusted sources.

Once installed on a device, Zitmo is capable of intercepting SMS messages and stealing sensitive information, such as banking credentials and one-time passwords (OTPs) that are sent via SMS. It can also send SMS messages to premium rate numbers, resulting in high phone bills for the victim.

One of the notable characteristics of Zitmo is its ability to work in tandem with the desktop version of the Zeus Trojan, allowing attackers to intercept and steal banking credentials from both desktop and mobile devices. This makes it a particularly dangerous threat to banking customers and financial institutions.

6. DroidDream

DroidDream is a type of Android malware first discovered in March 2011. It targeted devices running the Android operating system and was distributed through malicious apps downloaded from third-party app stores.

Once installed on a device, DroidDream would gather information about the infected device, such as its unique identifier (IMEI), and send this information to a remote server controlled by the attackers. It would then download and install additional malicious code, which could be used to display unwanted ads, steal sensitive information, or carry out other malicious activities.

What made DroidDream particularly concerning was its ability to bypass security measures put in place by Google, the developer of the Android operating system. Specifically, DroidDream exploited vulnerabilities in the Android platform that allowed it to gain elevated privileges on an infected device and bypass app verification checks. This allowed the malware to install additional malicious code without the user’s knowledge or consent.

7. Boxer

Boxer was a mobile malware that targeted the Android operating system and was distributed through malicious apps downloaded from third-party app stores. Once installed on a device, it would gather information about the infected device and send it to a remote server controlled by the attackers.

It was also capable of stealing sensitive information, such as SMS messages and banking credentials. What made Boxer particularly concerning was its ability to hide its presence on an infected device, making it difficult to detect and remove.

Boxer would use various techniques to avoid detection, such as disabling antivirus software and hiding its icon from the device’s app launcher.

8. FakeDefender

FakeDefender, also known as FakeAV, is a type of mobile malware first discovered in May 2013. It targeted devices running the Android operating system and was distributed through malicious apps downloaded from third-party app stores.

Once installed on a device, FakeDefender would display fake warning messages that claimed the device was infected with malware and needed to be cleaned. It would then prompt the user to download and install a fake antivirus app to remove the supposed infection.

However, the fake antivirus app was the malware itself. Once installed, it would continue to display fake warning messages and prompt the user to pay for the full version of the app to remove the supposed malware.

What made FakeDefender particularly concerning was its ability to convince users to pay for a fake service, potentially exposing them to financial fraud. It also employed social engineering tactics to convince users that their device was infected, leading them to download and install the fake antivirus app.

9. Xbot

A new Android malware called Xbot was discovered in 2016. Xbot was a banking Trojan that targeted Android devices and was distributed through various means, including fake app stores and phishing websites. Once installed on a device, Xbot would disguise itself as a legitimate app, such as Adobe Flash Player, and ask for permission to access the device’s SMS messages, contacts, and other sensitive information.

It would then secretly record the user’s keystrokes to capture login credentials and other sensitive data, such as credit card numbers and bank account details. Xbot could also be used to remotely control infected devices: it could send and receive SMS messages, make phone calls, and even encrypt and steal files from the device’s storage.

10. Droidpak

Discovered in 2017, Droidpak was a new type of Android malware that was delivered as a legitimate-looking app and then downloaded additional malware onto the infected device. It was primarily distributed through third-party app stores and was disguised as popular apps, such as Adobe Flash Player and Android System Update.

Once the user downloaded and installed the app, Droidpak would download and install additional malware, such as banking Trojans, adware, and other malicious programs.

One of the most concerning aspects of Droidpak was its ability to evade detection by antivirus software. It used advanced obfuscation techniques to hide its malicious code and used encrypted communication channels to communicate with its command-and-control (C&C) servers, making it difficult to detect and analyze.

Another notable Android malware discovered in 2017 was CopyCat. CopyCat was a malware strain that infected millions of Android devices worldwide. The malware would root the infected device and then generate revenue for the attackers by displaying ads, installing fraudulent apps, and even stealing user data.

11. Anubis

Anubis was a banking Trojan that targeted Android devices in 2018 and was primarily distributed through third-party app stores. The malware would steal sensitive information, such as login credentials, credit card details, and other personal data, and send it back to the attackers’ command-and-control servers.

Skygofree was a sophisticated Android malware strain that was distributed through fake websites and phishing emails. The malware had a range of capabilities, including recording audio and video, stealing call logs and text messages, and even conducting real-time surveillance through the device’s microphone and camera.

12. Agent Smith

Agent Smith was a malware strain that targeted Android devices and disguised itself as a legitimate app. The malware would then replace legitimate apps on the device with malicious versions that displayed unwanted ads.

13. EventBot

In 2020, the COVID-19 pandemic led to a surge in the number of Android malware attacks, with attackers taking advantage of the increased use of mobile devices for remote work and online activities.

EventBot was a banking Trojan that targeted Android devices and was spread through third-party app stores. The malware would steal banking and financial information by overlaying legitimate banking apps with fake login screens.

14. GPlayed

GPlayed was a malware strain that targeted Android devices and was spread through fake Google Play Store apps. The malware would install unwanted apps and display ads on the device.

15. IceX

IceX was a malware strain that targeted Android devices and was spread through malicious apps. It would steal sensitive information such as passwords and credit card details.
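As an added illustration (not code from the original article), the following Python heuristic flags, in a decoded AndroidManifest.xml, the permission and component patterns behind several behaviours described above: SMS interception of OTPs (Zitmo), premium-rate SMS sending (CommWarrior, RedBrowser, Zitmo), overlay screens placed over banking apps (EventBot) and hidden launcher icons (Boxer). The manifest below is a constructed sample and the flag names are my own; such a check is only a triage aid and does not replace dynamic analysis.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS  # how ElementTree exposes the android:name attribute

# Permission groups mapped to behaviours discussed in the article (not exhaustive).
CAPABILITIES = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "premium_sms": {"android.permission.SEND_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}


def triage_manifest(manifest_xml: str) -> list:
    """Return sorted risk flags for a decoded AndroidManifest.xml (heuristic only)."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    flags = {cap for cap, needed in CAPABILITIES.items() if perms & needed}
    has_launcher = False
    for intent in root.iter("intent-filter"):
        actions = {a.get(NAME) for a in intent.iter("action")}
        cats = {c.get(NAME) for c in intent.iter("category")}
        # A normal app exposes at least one MAIN + LAUNCHER activity; Boxer-style
        # samples omit it so that no icon appears in the launcher.
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            has_launcher = True
        # Zitmo-style OTP theft: a receiver registered for incoming SMS broadcasts.
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            flags.add("sms_receiver")
    if not has_launcher:
        flags.add("hidden_launcher_icon")
    return sorted(flags)


# Constructed sample manifest for demonstration; not taken from any real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```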

Final Words

The evolution of Android malware over the years has been significant: from the early days of simple worms and Trojans to the more sophisticated banking Trojans, spyware, and ransomware strains that have emerged in recent years, attackers have constantly found new ways to exploit vulnerabilities in the Android operating system to target users.

To protect against Android malware, users should take precautions such as keeping their devices up to date with the latest security patches, downloading and installing apps only from trusted sources, and using reputable antivirus software.

It is also important to be cautious of any unsolicited messages or requests for sensitive information and use strong, unique passwords for online accounts. By being vigilant and taking these steps, users can help mitigate the risks of Android malware and protect their personal and financial data.

Suksham Gupta
