The type of malware threats targeting Google Android devices is diversifying, according to new research from security firm BitDefender.
According to the company, ransomware has been spotted targeting Android users in Asia. Made to look like an anti-malware program, Android.FakeAV.C looks to trick users into downloading it, and then demands payment to restore the user’s control of the device.
“We are not surprised to see Android ransomware showing up in our reports, as it has been emulating the behavior of PC malaware for quite a while,” said Liviu Arsene, security researcher at Bitdefender. “From Trojans that steal credentials to banking Trojans, Android threats are mirroring PC malware in both behavior and complexity.”
The Android.FakeAV malware family has been largely reported in India (32.7 percent), with Indonesia (15.9 percent) and Malaysia (6.96 percent) coming in second and third in terms of the number of detections. According to BitDefender, the malware appears to target countries where users download apps from third-party marketplaces by luring them with the promise of an effective antimalware solution. However, Arsene said, it is also possible for users to be infected through drive-by attacks as well.
Last month, researchers at Symantec also noted the appearance of ransomware targeting Google Android as well.
“The increased level of sophistication and its similarity with PC ransomware might suggest that Android malware coders are branching out,” according to the report. “Emulating the behavior of PC malware on Android is no novelty, as we seen in the past how adware gained traction and evolved on the mobile OS. The FakeAV malware family also includes the Android.FakeAV.B detection, which is a fake anti-malware solution that poses as legit. It even shares the same scanning engine as a legitimate Android security solution. Also posted in Google Play for a short while, its purpose was to steal sensitive information and send it to a remote machine.”
So far, the amount of reported threats is very low, Arsene told SecurityWeek, however the fact “that we’re seeing this type of malware emerging on Android is something that stands out.”
“Android malware coders could be testing the potential of a new type of threat,” he said.
Other more familiar malware names also appeared in the report as well, such as Zitmo. Most Zitmo reports came from China (44.65 percent). Germany came in second with (14.47 percent), while the U.S. was home 5.03 percent of Zitmo reports.