Android Malware Affected Up to 1M Users in 2011
Google's Android operating system faces a lot of security threats, with more than 500,000 to 1 million smartphone users affected by malware of various kinds.Google (NASDAQ:GOOG) Android smartphone owners have plenty to be wary of on the security front, according to a new report from Lookout Mobile Security.
Debate over the severity of the call recording payload aside, Lookout is seeing other creative malware in action, including threats it calls "malvertising" and "update attacks." In malicious advertising, perpetrators purchase mobile ads that point users toward malicious Website to trigger a dangerous payload download. GGTracker was one such malware to use this tactic. In the update attack, the attacker publishes a legitimate app to an application market and then releases an update to the app that includes malware so the entire user base gets infected. The Legacy malware used this attack on users. Security aficionados and pundits may debate the notion of whether users should drop their Android phones and flee for the comfort of the more secure, locked down Apple iPhone and the iTunes App Store. However, it might be more useful to look at what's driving the mobile threats on Android. Lookout said mobile payment services, which includes Google Wallet, ISIS and American Express' Serve, are key attack vectors. "The value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 2010. Vendors, retailers, merchants, content providers, mobile operators, and banks are all actively establishing new payment services. Mobile payments create an attractive target for attackers, as they allow direct monetization of attacks," Lookout said. Google believes its Wallet service, which pairs near field communications with smartphones for tap-and-pay services at participating retailers, offers the security to keep credit card info safe with an NFC chip on Android-based Nexus S smartphones. The service hasn't launched, but when it does, attackers will test it.