The biggest increase came from drive-by downloads, in which a user authorizes the download of a seemingly innocent ActiveX control or Java applet and ends up infected.
Earlier this month analysts with Lookout Mobile Security identified the first drive-by poisoned web sites targeting Android, adding a new class of malware, new distribution system and new source for more infections. Many of the drive-bys were designed to turn Android devices into proxies the controllers could use to penetrate new networks or distribute malware among Android devices from within the firewall.
New thing in malware: rather than fake offers as bait, use real ones
The most interesting variation are those designed as wrappers around often-legitimate code. The approach is a variant on an old trick – offering "free" services to lure victims into installing the software. During installation, if the malware would throw an error as the fake install process ran out of gas, according to F-Secure.
The install couldn't complete because the APK was malware, not the app it pretended to be.
That turned out to be a problem because the more-sophisticated smartphone users of two or three years ago would go online to look for a solution, often discovering along the way that they'd accidentally installed a Trojan.
The solution? Get a copy of the real app, wrap it in malware and distribute that.
The app installs, behaves like it's supposed to, and the malware installs in the background without tipping off the victim. (See video from F-Secure showing compromised version of Angry Birds installing, below.)
Of course, now that smartphones have spread beyond uber-geeks and top execs with gadget budgets to blow, less sophisticated users are getting ahold of the bait software.
If the malware throws an error, those users don't even check to see what happened, according to F-Secure's writeup. They just keep installing.
Even the sharpies are fooled by real software wrapped by malware, however,