Self-Mutating Trojans Come to Android

Symantec is warning that the next generation of smartphone viruses has come:

Researchers from security vendor Symantec Corp. have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.

This is a clever means to avoid the rudimentary analysis systems that the major vendors use to ID malware. It’s also (another) indication of how important antivirus is going to become for the mobile marketplaces. I suspect that, by the end of the year, a lot of users (on iOS, Android, and the rest) are going to wish that the post-Steve Jobs smartphones on the market today met Jobs’ initial thoughts regarding smartphones when Apple released the iPhone. Specifically, he held that:

He didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses, or pollute its integrity

While our pocket computers are better now that apps are available, I can’t help but think that Jobs’ earliest worries are now looming at today’s potential nightmares.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close