Security companies have confirmed the discovery of a well-designed Android botnet Trojan, dubbed ‘ADRD’ by the Chinese company that first noticed it, AegisLab.
As with previous Android malware, ADRD appears to be targeting users on a specific Chinese website offering Android and Symbian software. This time the application hides inside legitimate wallpaper apps before setting itself up to monitor network traffic (mobile and possibly Wi-Fi), even setting alarms to wake itself at set intervals.
After sending the phone’s IMEI and the SIM’s IMSI numbers back to the attackers, the malware receives a list of web servers to hit with data traffic. This reveals its ultimate purpose – click fraud. The negative effect for an infected user would be an increased and possibly expensive level of data traffic.
Android Trojans are still rare events, but ADRD sounds like a foretaste of what could be to come for users of this and possibly other platforms. Although no mobile platform is immune to malware in principle, ADRD does exploit one aspect of the Android world, namely that apps don’t have to be downloaded and installed exclusively through Google’s Market.
Infection rates for ADRD are still low and the targets are Chinese, but the design is sophisticated and does appear to achieve its intended aim. Given that this is the week of the Mobile World Congress, it has also timed itself to perfection to grab the attention of Western security companies looking for a mobile scare to talk about.
The last significant Android malware story was Geinimi in early January, which also appears to have come out of China.