Apart from those apps that register users for unwanted services and those that aggressively push ads, Android users should also worry about apps with backdoor capabilities.
While premium service abusers and adware accounted for the majority of malicious apps in 2012, they are, however, not the only threats to Android. Reports of a botnet running on more than a million of smartphones recently made the headlines, which goes to show that attacks aimed at Android devices are varied and far from over.
Prior to these reports, we have been seeing these malware since July 2012 and have so far detected 4,282 in the wild. The related samples we analyzed (detected by Trend Micro as ANDROIDOS_KSAPP.A, ANDROIDOS_KSAPP.VTD, ANDROIDOS_KSAPP.CTA, ANDROIDOS_KSAPP.CTB, and AndroidOS_KSAPP.HRX ) were from a certain third-party app store, though we suspect there are other available several sites. Typically, these apps are marketed as gaming apps, some of them bearing or are repackaged versions of popular gaming titles.
The first batch of samples we analyzed was packaged using the same app title, purportedly from the same company.
Once any of these malicious apps is installed in a device, it communicates to the following remotes sites to acquire compressed script then parses the said script: