Being Android is the most widely used mobile platform, it has become the most frequently attacked system by cybercriminals. This is the reason why it is necessary to take an in-depth look at the technical characteristics of the malware affecting it: “Know your enemy and know yourself; in a hundred battles, you will never be defeated” (Sun Tzu, The Art of War). Hence, it is necessary to get a thorough acquaintance with certain common features of these threats, and so promote the application of the measures needed to counter them, reducing exposure and impact.
Thanks to the collaboration between the Spanish National Cybersecurity Institute (INCIBE) and HISPASEC, contains an extensive range of technical details referring to malicious applications. The report makes every effort to provide an accurate view from an analytic angle. To achieve this, with the help of HISPASEC, a total de 76,000 samples of malware collected during the second half of 2014 were scrutinized and analysed.
The analysed samples were those spotted by antivirus engines with a high rate of Android malware detection, so that the study had a very good level of reliability and avoidance of false positives. The antivirus engines selected for this purpose were ESET-NOD32, BitDefender, Commtouch, GData and MicroWorld-eScan.
To carry out the analysis, reports from Virustotal were used. This service scans samples with a large number of antivirus engines and also uses the Androguard tool to perform a statistical analysis. With this utility, applications are decompiled, enabling access to a large amount of information such as the permissions they request, services, receivers or providers, the advertising libraries they use, and their list of activities or significant chains, among other points. In addition, other utilities also based on Androguard were used. These extracted further information from the samples, all of which were employed in the elaboration of the report.
The report, available in English and Spanish can be downloaded at the following links: