Warning: Malware lurking in the shadows

When it comes to keeping mobile malware off of the company’s network, warning Android users to download apps only from Google Play doesn’t cut it anymore. 

Not surprisingly, cybercriminals found a way around Google’s malware detector, Bouncer, which is supposed to keep malicious software out of the official Android app store. A security researcher at Symantec recently discovered two apps infected with malware in the app store. They were quickly removed, but not before tens of thousands of users downloaded them.

This scenario is particularly troubling for companies with BYOD programs that permit Android devices to connect to their network. How do companies protect corporate assets without taking away employees’ ability to use their favorite mobile devices on the job? Especially since it seems that cybercriminals are always one step ahead of security experts.

The answer: Tell users what additional steps they must take before downloading an app.

Nothing they can do will guarantee they will never be infected with malware, but there are things they can do to minimize the risk:

  • Before downloading an app, do a quick web search to check up on the developer and the app itself. Look for red flags in the search results, such as negative reviews or complaints, that indicate you need to dig deeper before tapping that “Accept & download” button. Hint: You can visit the developer’s webpage from the app listing.
  • Some malicious apps try to hide behind a legitimate brand name. Make sure the name of the developer jives with the title of the app.
  • Read the app’s user reviews. Red flags will show up here, too.
  • Examine the permissions of the app: Are they in line with the app’s intended use? For example, does a news app really need to access your contacts or send text messages?
  • Insist that employees install an Android anti-virus app. Or, better yet, insist that users turn their devices over to IT before they’re allowed to connect to the network for the first time. This way, IT can install anti-virus software it has evaluated, configure it properly and enforce its use.

The effectiveness of Android anti-virus apps is debatable, though. In a recent study, only a handful of Android anti-virus apps were found to detect most types of threats. The March 2012 study by AV-Test.org rated 23 out of 41 apps effective, or 56%. Of those 23, only 10 detected greater than 90% of known malware types.

Still, the authors of the study say any of the anti-virus apps that were found to detect greater than 65% of known malware types provide adequate protection. The full report from AV-Test.org is available here.

The lesson: Unfortunately, it’s no longer safe to assume that just because an app is available from a reputable source, it’s malware-free. Educating users, combined with tried-and-true anti-virus software, is still the best protection against the quickly evolving threat of Android malware.