While the world of malware creation may be mysterious to many, malicious apps that infect mobile devices are plentiful and easy to create. Read More ..
Because of readily available tools that enable even a novice developer to create mobile applications that fall on the dark side of the fence, users should be cautious when downloading and installing mobile apps, especially from non-official App Stores.
Developing Android malware to harvest information is a "trivial" task and possible using readily available tools, Kevin McNamee, security architect and director at Kindsight Security Labs, told SecurityWeek. McNAmee demonstrated how to inject snippets of code into a legitimate Android application that infected a mobile device with malware. The malware, when executed, connected with a remote command-and-control center and transmitted data from the device.
McNamee downloaded a copy of the Android packager file APK for the popular game Angry Birds and infected it with DroidWhisper, a malicious Java program designed to collect and send phone data to a remote server and execute various commands. Along with the host APK file, all he needed were the regular tools available to any developer on the Android developer site. Criminals not interested in developing their own attack programs can easily obtain actual attack programs online. With the modified game in hand, all that remained was how to distribute it, McNamee said.