A massive Trojan botnet has been discovered on Android devices in China, and it serves as a timely reminder of the growing vulnerability of the Android platform. Staggeringly, this botnet has infected more than 1 million Android devices in China.
The high vulnerability of Android devices in China can be put down to the numerous unlicensed third-party application sources. A majority of Android users in China download apps and games from these unlicensed sources rather than the official Google Play store (this process is known as sideloading). Needless to say, these unverified sources carry a greater number of threats and more malware than the official channels. Moreover, many low-cost Android devices in China come pre-installed with several apps and games, and some of these programs contain embedded Trojans and other threats.
The botnet carries the risk of remote hijacking
This botnet has been discovered in more than 7,000 popular apps that originate from unlicensed third-party sources. Once installed, the Trojan integrates the device into the botnet and gains remote access to crucial files. As a result, it collects phone numbers, contact lists, SMS content, photos, videos, geo-location data and other private information. It can also download other malicious apps and adware files onto the device. All these activities slow the device down, drain battery life and cause financial damage to the unsuspecting user.
Today China has more than 400 million mobile users, of which more than 150 million are on the Android platform. Mobile Internet usage is also on the rise in the country (an increase of 18%), and it is one of the fastest growing Android markets in the world. So the potential for damage in China is immense, especially when people access unlicensed sources to download apps and games.
Precautions to take to avoid this botnet
This Trojan could potentially spread to India as well, so it is essential for Android users to exercise caution. We highly recommend that Android users install a mobile security suite on their device and keep this software updated at all times. Moreover, data usage stats and call history should be monitored regularly for any signs of suspicious activity. Apps and games ask for special permissions before they are installed, so these permissions should also be scrutinized carefully.
However, the most important precaution to follow is to disable the sideloading feature completely. Google Play has a vast collection of apps and games, so sideloading should only be enabled when the source is trusted and it is essential to obtain the application from that source. Here are the steps to disable sideloading.
- Go to Settings
- Go to Security or Applications/Applications Manager (in case of older Android versions)
- Uncheck the box next to Unknown sources to disallow apps from third-party sources
Once sideloading has been disabled on an Android device, it is relatively safe from threats that exist in third-party sources. Trojans like this can originate from various outlets, so it is imperative for users to maintain an updated mobile security suite and follow several safety precautions as well. We will continue to monitor this threat and inform our readers if the botnet spreads to India in the future.
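To make the permission check recommended above concrete, here is an added example (not part of the original article) that parses the output of `aapt dump permissions <apk>` and flags apps that combine network access with several of the data types this Trojan collects. The permission-to-data mapping, the review threshold and both sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed mapping from Android permissions to the data types the article lists.
DATA_PERMS = {
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.READ_SMS": "SMS content",
    "android.permission.RECEIVE_SMS": "SMS content",
    "android.permission.READ_PHONE_STATE": "phone numbers",
    "android.permission.ACCESS_FINE_LOCATION": "geo-location",
    "android.permission.ACCESS_COARSE_LOCATION": "geo-location",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and videos",
}
INSTALL_PERMS = {"android.permission.INSTALL_PACKAGES",
                 "android.permission.REQUEST_INSTALL_PACKAGES"}
NETWORK = "android.permission.INTERNET"

# Accepts both aapt styles: `uses-permission: NAME` and `uses-permission: name='NAME'`.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt permissions dump."""
    return {m.group(1) for line in dump.splitlines()
            if (m := PERM_RE.match(line.strip()))}

def audit(dump, threshold=3):
    perms = parse_permissions(dump)
    categories = sorted({DATA_PERMS[p] for p in perms if p in DATA_PERMS})
    can_install = bool(perms & INSTALL_PERMS)
    # Heuristic (assumption): an app needs a manual look when it can reach the
    # network AND either reads many kinds of private data or installs other apps.
    review = NETWORK in perms and (len(categories) >= threshold or can_install)
    return {"categories": categories, "can_install": can_install, "review": review}

# Constructed sample dumps, one per aapt output style.
SAMPLE_WALLPAPER = """package: com.example.wallpaper
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'"""
SAMPLE_NOTES = """package: com.example.notes
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_COARSE_LOCATION"""

if __name__ == "__main__":
    for name, dump in (("wallpaper", SAMPLE_WALLPAPER), ("notes", SAMPLE_NOTES)):
        print(name, audit(dump))
```

A flagged result is a prompt to ask whether the app's stated purpose justifies the access, not proof that the app is malicious.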