As Android's reach grows, cyber-criminals see an opportunity to spread their malware, according to the security software vendor.
Given the increasingly ubiquitous and open nature of Google's Android, there's little mystery as to why cyber-attackers are targeting more of their malware efforts at the mobile operating system, according to Don DeBolt, director of threat research at security software maker Total Defense.
"Malware goes to where the numbers are," DeBolt said in an interview with eWEEK, pointing out that Android can be found in almost 50 percent of all smartphones. "There's been an explosion of malware directed at the Android platform. What made it possible is that it's an open platform. It lets you download anything you want."
The result is that, at a time when the overall amount of new unique malware grew in the 2 to 6 percent range between 2010 and 2011, down from as high as 20 percent a year in the past, more than 25 times more Android malware was found in 2011, Total Defense found in its 2011 Internet Security Threat Intelligence report, released March 15. There were more than 9,000 incidents of Android malware in 2011, according to the report.
Total Defense executives said that what they're seeing is raising the issue of open systems versus closed ones as far as security is concerned, as well as the debate around the idea of app paradigms, in which only authorized apps can be installed and run on computing devices.
The open nature of Android that proponents love is the same thing that's attractive to malware creators, DeBolt said. Users find apps to download and then are presented with lengthy user permission dialogs featuring small type that in all likelihood users just allow without ever reading. That makes it easy to bring in malware along with the app.
And in 2011, that malware was out there, with names like Foncy, Dogowar, WalkSteal.A and Golddream.A, according to Total Defense. Fakeneflic.A is a Trojan that disguises itself as popular software that needs login data. If the user is tricked, the entered credential is posted to a hosted Website. FakePlayer.A is a Trojan that disguises itself as a media player.
Such malware is made even more dangerous by the rise of data-logging apps, which, on their own, access a user's contact list, email list or other personal information, DeBolt said.
Total Defense's report echoed the findings in the 2011 Mobile Threat Report released by Juniper in February. That report found that malware targeting Android jumped 3,325 percent in the last seven months of 2011, and accounted for 46.7 percent of unique malware samples aimed at mobile operating systems.
In response to this challenge, Google now has a technology called Bouncer, which scans apps submitted to the Android Market for malware and removes offenders. Total Defense's DeBolt said Google has needed to improve its policing of the Android Market and should consider offering certified applications on the marketplace.
He also said the skyrocketing amount of malware targeting Android should have Google officials consider making Android a less open platform, along the lines of Apple and its iOS. While users of Android-based devices can download what they want, those with Apple's iPhone operate in more of a walled garden environment, where only software with particular code can be downloaded, unless the device is jailbroken by the user. In that situation, though, one would hope that someone with enough technical skills to jailbreak the device would be savvy enough not to download the wrong software, DeBolt said.
The Android malware situation also fuels the debate over the drive toward an app paradigm, in which PCs and other computing devices are used in a more appliance-like fashion, and only authorized apps with authorized code can be installed and run.
DeBolt said an app paradigm would reduce the dangers of malware, or attack surface, of computing devices. At the same time, he understands that it would reduce the amount of freedom users have in deciding what they can download onto their devices.