Criminals have always sought the path of least resistance, and pursued readily available targets.
The Ford Fiesta is Britain’s most stolen car because it’s also Britain’s best-selling car, rather than because it’s the best or most desirable vehicle on the nation’s driveways.
Similarly, Microsoft’s Windows operating system historically attracted the vast majority of computer viruses and worms simply because of its ubiquity.
Of course, the fact Windows was written with numerous security flaws also made life easier for Millennial cybercriminals.
Today, there are over 2.5 billion active devices in the world running Google’s Android operating system.
It comes as little surprise, therefore, that there is a steady stream of Android malware seeking ways to compromise devices and harvest personally identifiable information (PII) from users.
In fairness, it is a stream rather than torrent. Many people reading this will be surprised to realise their Android device has any vulnerability to hackers and Trojans.
Android malware isn’t ubiquitous in the way Windows malware is. However, it does exist – and it’s worth knowing the scale of these risks if you own an Android-powered handset.
Playing the Joker
There have been several relatively high-profile assaults on the Android ecosystem recently, attempting to harvest passwords, redirect web traffic to dodgy sites and install ransomware.
There was the Joker malware, capable of targeting an update settings flaw on half of all Android phones in existence.
Having infected dozens of apps, this Trojan would harvest contact data, read SMS messages and sign victims up to premium subscription services.
Yet even the Joker pales – no pun intended – by comparison with the Xhelper Trojan.
Capable of downloading malicious apps and giving crooks remote control over a device, Xhelper can even survive a factory reset – normally a nuclear solution to any Android issue.
Clearly, it’s far easier to avoid your handset being infected in the first place than having to try and resolve a Trojan virus, which by its very nature is stealthy and insidious.
These are our tips for minimising your exposure to Android malware:
- Don’t root your device. This is a favoured technique among people wanting to install obscure apps, but these unofficial programs are more likely to be weak or compromised.
- Stick to well-known Play Store apps. By definition, any app within the Google Play Store should be trustworthy. Even so, stick to popular ones and read recent reviews before installing them.
- Check security permissions. It’s tedious, but read the small print on newly installed apps to ensure they’re not taking liberties with your PII or device security – which some may be.
- Click with caution. It’s not just emails which can carry malicious payloads – so can texts, social media posts and WhatsApp messages. Never click a link unless you trust its source.
- Run an antivirus scan. Some Android antivirus software is largely ineffective, so do your homework and choose a dependable brand like Norton, Avast, AVG or McAfee.
- Always update operating systems when requested. System updates are often designed to plug newly-discovered holes in Android infrastructure, so install them straight away.
- Don’t use insecure WiFi connections for confidential activities. These open networks are unsuitable for sending and receiving PII, so stick to light web browsing in public.
- Install a VPN. If you must use public WiFi for personal activities, install a VPN. Our sister site VPNs.co.uk is a great resource for VPN products and providers.