Despite Arrests, Android Malware Persists in Japan

ID THREATPOST:2E2D4467F07234795E343ECACBDA5577
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:31:09


Android malware developers in Japan continue to peddle their product across the Internet and through the Google Play marketplace, undeterred by recent arrests in the nation.

Over the last few weeks spammers have ramped up circulation of the Android.Enesoluty malware in emails, in addition to publicizing the malware through Google’s online app store. According to a report from Symantec’s Security Response blog late last night, spammers are trying to disguise the app in spam emails with subject lines like “Android App Magazine” and “Smart Magazine.”

The malware can also be downloaded from a handful of apps in Google Play, disguised as apps that improve battery life and run antivirus, along with apps that provide news about anime characters and Japanese pop groups.

Once executed, the app uploads the phone’s contacts to the developers’ servers and proceeds to send a slew of spam to the harvested email addresses. Symantec notes the emails seem to cover the usual spam subjects. There have been emails about Viagra, fake celebrity greetings that trick users into thinking the celebrities want to be friends, and emails about the malware in question.

Android malware as a whole remains ubiquitous, yet variants continue to have their own ebb and flow. Symantec notes that Enesoluty, along with malware strains such as Loozfon and Ecobatry, has enjoyed recent streaks in popularity, while another variant, Sumzand, appears to have gone dark.

The constant flux of the variants is likely tied to ongoing arrests around Japan. Enesoluty first reared its head in September, but its recent surge in popularity coincides with a series of arrests earlier this fall. On Oct. 30, five individuals were apprehended after developing Dougalek, malware that claimed to play movie clips but in actuality, like Enesoluty, stole contact information. Two more individuals were arrested the same day for distributing Ackposts, malware that posed as a battery saver but really harvested email addresses.

Symantec notes that despite the growing glut of Android malware in the country, the Ackposts developers still haven’t been prosecuted while the Dougalek developers were outright released.

Google hopes to combat these types of malware with a new application verifier in Android’s most recent OS, 4.2 Jelly Bean. Once implemented, the scanner will warn users of any potentially malicious or dangerous apps before they’re installed.

The scanner aims to curb some of the almost 52,000 unique malware samples that targeted Android in the third quarter this year. That number, taken from security firm F-Secure’s Q3 Mobile Threat Report last month, is more than six times the number of samples found in the first two quarters combined.