Android Most Targeted Mobile Malware in Q2 2011: McAfee

Google's Android has overtaken Java Micro Edition as the most attacked mobile platform, McAfee said in its latest quarterly threat report.

Out of about 1,200 mobile malware samples that McAfee Labs collected and analyzed in the second quarter of 2011, about 60 percent were aimed at Android, McAfee said in its 2011 Threats Report for the second quarter. While mobile malware remains a tiny fraction of the overall malware market, Android is clearly the criminals' favorite target, McAfee said.

Android malware jumped 76 percent since the first quarter, according to the report. However, that number sounds bigger than it really is, as McAfeeLabs identified only 44 total Android threats this spring. To put that figure in context, McAfee collects about 2 million new malware samples, regardless of platform, every month and found 12 million unique types of malware in the first half of 2011. Researchers expect to have 75 million samples by the end of the year.

Android "could become an increasing target for cybercriminals—affecting everything from calendar apps to comedy apps to SMS messages to fake Angry Birds updates," McAfee said.

Attackers wouldn't be focusing on a platform if they weren't making money, and the malicious apps don't need to be that widespread to be worthwhile, Tim Armstrong, a malware researcher at Kaspersky Lab, told eWEEK. An early Android malware sample, FakePlayer Trojan, charged users $5 to $6 per SMS message it sent out. Even if only a thousand users installed the app, that's $5,000 to $6,000 going to the attacker's pocket, and "that's if the app only worked once," Armstrong noted.

Mobile platforms were under attack from "for-profit mobile malware" such as SMS-sending Trojans and smartphone exploits, researchers wrote. Malware developers are targeting Android more than Symbian and J2ME, but the total number of Android malware still lags behind those two mobile platforms. McAfee's numbers suggest that as Symbian devices lose popularity and Android gains more mobile market share, that will soon change.

Google's Android operating system rose to 52 percent of units sold for the second quarter, according to the latest numbers from The NPD Group.

"This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry's preparedness to combat this growth," McAfee researchers wrote in the report.

As more employees use their personal Android devices at work to access corporate resources, such as email, it's imperative that enterprises be aware of the risks and take steps accordingly to protect the devices. Recently, a number of wireless carriers, including Sprint and AT&T, announced partnerships to provide mobile security offerings.

Many of the threats appear as if they are legitimate apps. A number of recent Android malware examples, such as GingerMaster, pretended to be a photo-displaying app.

McAfee researchers also included the MacDefender fake antivirus that infected Mac OS X systems in May and June in the report. There are more Mac users than ever before as well as steady business adoption, which places the Apple platform "squarely in the crosshairs of malware authors," according to the report. Researchers said it is a "case of 'when' rather than 'if'" that malware will make its way to the iPad and iPhone as well. The report noted a handful of malware were targeting jailbroken iOS devices.

For several quarters, McAfee researchers have noticed that malware developers are focusing more on exploits targeting vulnerabilities in Adobe products rather than Microsoft products.

"This trend does not prove that Adobe's technologies are more vulnerable or have more coding bugs than Microsoft's," the report said. Adobe has one of the most popular products in the world, and criminals "target what is popular and in wide use," the researchers wrote.

Rootkits were also highly popular in the spring, as criminals used them to make other malware stealthier and more persistent. The better hidden the malware is, the longer it can engage in malicious activity, the researchers wrote. The most common encountered were Koutodoor and TDSS.

"Rootkits have seen their busiest-ever six months, up almost 38 percent over 2010," the report found.