With this automation system, we have stocked about 2,000 Android malicious files.
The number of Android malicious apps is more than we thought.
We already know that the number of Android malicious file is rapidly increasing from the beginning in the second half; however, certain malicious file aiming at Korean users hasn't been reported.
Therefore, Korean users are not familiar with these security threats.
INCA Internet Security Response Center's Emergency Response Team has been preparing response system for Android security threats.
2. Status of Android file collection
December 6, 2011, Google announced that the number of cumulative download on Android market passed 10 billion downloads. And APK files are spreading on 3rd party market.
According to Google's announcement, Korea ranked #1, which means that South Korea is the most prevalent country on using smartphone.
The fact that China isn't ranked in this table is peculiar, however, it can mean that the great number of users are using 3rd party in China.
Following figure is top 10 most App-crazed Countries.
INCA Internet Security Response Center's Emergency Response Team has collected various malicious files with the 3rd party market's information.
Chinese 3rd party market
Our automatic APK crawling system has collected about 57,000 files (153Gb) and new apps are downloading every day.
In 2012, the range of 3rd party and processing capacity will be widening.
We are using this program to download APK files.
Following folder size is our collected APKs and those will be included our nProtect Mobile for ANDROID.
With this program, we succeeded to shorten more than 80% to analyze APK files on classifying its variants automatically.
Following figure shows auto-decompiled and analyzed target file by our automation analysis system.
First of all, it extracts Manifest log and Decompiled code for analyzing code. Then it compares extracted code to INCA Internet's malicious pattern. If it matches each other, those files will be moved to malicious sample folder. (More than 98% files of them were revealed as malicious).
The fact that Android malicious file has been rapidly increasing is very remarkable. Malicious attackers are aiming at various target; therefore, users need to be careful on using.
Following figure is our detecting status of nProtect Mobile for ANDROID.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.