3 Steps to Effective Android malware – Computerworld.nl

Background – Reports of the massive Android malware threats are mostly FUD. But that can change. These three things must be overcome together

Of course there is to leave a nasty malware plague loose on the mobile world.

many Android malware and that’s for the same reason that there is a lot of Windows malware. Criminals also think of scale, and if they want to cast broad nets they address the most popular operating system. A targeted attack on a specific multinational used on Windows Phone or BlackBerry OS, delivers sometimes malware for other platforms. But the criminal who wants a grand rigging mobile botnet, go to the platform where he or she can reach eighty percent of users.

But do not panic, Android malware is no problem for the average Dutch user. The malware is mostly from shadowy appwinkeltjes. The malware that is now taking companies under fire, does not use exploits in the system, but of old-fashioned social engineering, where the user is persuaded to install a rogue program.

Because BYO-malware pops up regularly, for example, mentions McAfee anti-malware on mobile devices a ‘need to have’. But in practice, rather a ‘nice to have’, assuming that a company manages devices with MDM / MAM or (again) own managed aircraft has rolled outgoing. A major problem is Android malware currently, but that could change rapidly. Here are three steps that Android malware FUD can go to real problem.

1. Exploits should be automated

There are occasional gaps discovered in the OS, yielding an Android exploit. Be fact, vulnerabilities in the operating system used to rooting Android devices. Often a root instruction follows soon after the appearance of a new device, because the exploit is appropriate for a specific Android version and with most devices that come with this version – unless the manufacturer or Google poem vulnerability

<. p> The patching the OS is pretty fast, but the deployment of such solutions with the intervention of manufacturers and providers is not so smooth. To put it mildly It’s a matter of time before exploits are recorded in automated tools to deliver in Android malware widely. And that has Android botnets already been delivered. Disturbing is that they run not only in Asia – all shadowy markets for Google-less AOSP devices – but even pop up in the US

This is an important development that will undoubtedly come once.: the delivery mechanism should be applicable to a large number of non-geroote devices. A mobile exploitkit vulnerabilities that collects, so that customers can mobile drive-by malware firing a large number of website visitors is a prerequisite. But most malware is thus distributed, has a practical problem and stores death. Stumbling two cyber emergency earthy:

2. The sandbox should be removed

Malicious software benefits from the punch in other processes, including ride on extensive rights. An obstacle which Android malware makers face is that apps run in their own sandbox. A rogue Flappy Bird with access to the SD card can not pick up on Chrome for example, with its 13 permissions or nestle in the core OS. But that’s the theory, and are sometimes discovered in practice ways to break out of that sandbox

On the next page:. You are a nice way towards cyber crook. But there are other stumbling blocks.