Google Fighting Biggest Ever Android Malware Outbreak - Or Are They?

It was recently reported  that security researchers discovered that up to 21 million Android users have been infected by malware in one of the biggest outbreaks ever ... allegedly.

However, John Kozyrakis, technical strategist at Synopsys, feels very differently, saying: “Based on available data, there’s no indication that this specific malware propagates by itself or that it is particularly dangerous. It looks like just another piece of malware that can do hardware identifier theft and send premium SMS. There is no indication that the malware can compromise a user’s device or steal their data from other applications. Users need to download it willingly and accept several permissions before it collects any data or sends premium SMS.

"When an application is uploaded to the Play Store, an automated scan takes place to establish if the application is potentially harmful. One thing that is interesting about this particular malware is that it may have been able to evade this detection. This occasionally happens and the automated analysis is fine-tuned so that new obfuscation techniques are tackled. Google has been effective in detecting and removing malware from Play store and user devices.

"Sometimes, it is not easy to distinguish between legitimate applications that use premium SMS functionality and applications “infected” with malware, if the proper disclaimers are in place and the user accepts that premium SMS will be sent. However once a ToS violation is confirmed the application is removed from the store; if fact several of such ‘infected’ apps are removed on a weekly basis. When more severe situations arise, apps are also removed from user’s devices."