Mobile malware getting harder to spot, say researchers

It is becoming harder to spot malware and scam sites because of the growing sophistication of fake download sites and rogue applications, according to security experts.

Security firm F-Secure said in a company blog post that in recent months attackers have begun to move away from crude-template driven page designs and towards pages designed to look more like legitimate sites.

By using better web design techniques and mimicking the look and feel of legitimate sites, F-Secure researcher Karmina Aquino noted that attackers could increase the likelihood that a user is fooled by the page and convinced to install the malware.

Aquino compared the trend to the rise of fake anti-virus malware scams, which saw successful attack rates increase as developers produced more professional and convincing interface layouts and design techniques.

"When fake AVs used to take the limelight, their user interface started from pretty-crappy-and-obviously-rogue-AV and ended up with a very convincing design," Aquino explained.

"It took a while for the miscreants to get there, but they really poured some work in an attempt to perfect the design in order to get a wider victim-base."

The report comes as experts are reporting a growing number of malware and rogue applications which target the Android platform. While much of the malware is simple tools such as premium number diallers, researchers with McAfee have reported finding increasingly sophisticated attack and infection techniques.

Aquino said that users will need to remain cautious and skeptical when viewing download sites and advertisements for Android applications.

"They are getting more and more convincing. It makes one wonder what the look and feel of these websites are going to be in a few months time," the researcher said.

"It does not mean that if it looks pretty good, it is good. In the Android world, one has to be wary and careful before installing anything on their devices."