A few days ago we reported that Google had removed more than two dozen malicious applications from Android Market. This number now turns out to be far from sufficient.
According to North Carolina State University researchers, assistant professor Xuxian Jiang and Ph.D. student Yajin Zhou, a new piece of malware called DroidKungFu has been found in certain apps being circulated outside Android Market. DroidKungFu uses advanced techniques that let it bypass mobile anti-virus software and install a backdoor that allows the hacker to take complete control of the device.
The hacker can then steal data and send it to a remote server. Besides that, the hacker can turn the device into a bot, which is a software application that runs automated tasks over the internet.
The malware has been found in circulation on eight third-party app stores and forums based in China. So far there is no evidence of infected apps being sold in app stores outside China.
Smartphones affected by the malware run Android 2.2 Froyo or older versions. Apparently, the DroidKungFu malware is smart enough to stay undetected by mobile security apps from leading mobile security firms.
Both security researchers are now looking into other Android Market-like app stores to see whether the malicious apps are being circulated there. Till now there’s no word about any such menace being found.
Android Market has thousands of free apps which are downloaded and installed every day. How would you ensure that your device is free of malware?
Below are a few measures you can employ to protect your device:
Read before you install
We know that reading the privacy policy is tedious, but you must read all the access and permission requests made by the app you wish to use.
Install apps only from Android Market
At times, third-party application stores don’t have enough regulations or sufficiently rigorous app review processes to test newly submitted apps for malware. It’s not that they can’t be trusted, but hackers are smart enough to get past their review processes. In short, install applications only from trusted sources.
Use mobile security apps
Those who deal with confidential and important data on their Android smartphones can buy reputable mobile security apps from companies like Lookout Security, McAfee WaveSecure, Norton (beta), BitDefender Mobile Security and more.
Avoid rooting the device
If you don’t know what to do with root access, avoid rooting the device. Root access is like a single gate through which someone could take control of the entire device.
Do not use open WiFi points
Getting lured by open WiFi access points is a human tendency, but it can cost you heavily later. Avoid using open WiFi, for you never know what sniffing tools are being used to collect information from your Android smartphone.
Use of complex passwords and lock pattern
Try using complex passwords that include letters, numbers and special characters. Entering passwords manually every time is fairly good practice. Also use lock patterns so that no one can peek into your phone if you’ve left it unattended by mistake.
Avoid updates from unknown links (advanced users)
Android enthusiasts who understand firmware and know how to update their operating system should avoid using updates circulated by fishy and unknown sources. There are websites that maintain a log and links to official Android updates.
With these pointers your Android smartphone should be secure and safe to a large extent.