Android Malware Jumps 400 Percent as All Mobile Threats Rise

Mobile security is the new malware battlefield as attackers take advantage of users who don't think their smartphones can get compromised.

Cyber-attackers are gunning for Google's Android as they take advantage of a user base that is "unaware, disinterested or uneducated" in mobile security, according to a recent research report.

Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, large number of downloads from unknown sources and the lack of mobile security software, according to the Juniper Networks Global Threat Center, which compiled the report.

"That's where the momentum is for 2011," said Dan Hoffman, Juniper's chief mobile security evangelist. It's important to remember that mobile malware still accounts for less than 1 percent of all malware detected globally,

About 17 percent of all reported infections were due to SMS Trojans sending text messages to premium rate numbers, the report found. Spyware capable of monitoring phone calls and text messages from the device accounted for 61 percent of reported infections. All, or 100 percent, of reported infections on Android devices were of this kind of spyware.

For the past five years, most mobile malware targeted Symbian and Microsoft Windows Mobile platforms, Juniper said. In fact, over 70 percent of malware definitions in Juniper's Junos mobile security service are of Symbian malware. The current trend shows that malware developers are targeting Android and the attacks are likely to get more advanced, such as turning mobile devices into a zombie in a botnet.

"Consumers can expect to see more advanced malware attacks against the Android platform," according to the report. These attacks include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks," the report's authors wrote.

Even though most infections are caused by downloading dodgy applications, majority of smartphone users are not using antivirus software to scan for malware, according to the Juniper report. Most app stores remove applications as soon as they are reported as being malicious, but that is reactive and "insufficient," said Hoffman. The Juniper report cited a 2010 SANS Institute study that found only 15 percent of smartphone users were employing antivirus on their phones.

Enterprises and users need to be aware of the growing risks of going online using mobile devices, and protect them the same way they protect desktops, laptops and servers, Hoffman said.

Another security expert raising the alarm is James Lyne, director of technology strategy at Sophos. Users engage in dangerous activity on their smartphone that they would never do on their PCs, Lyne told eWEEK. They may see an e-mail and not open it on their computer because they have learned that's dangerous. But they go ahead and open the exact same message on their phones because they are under "the mistaken impression" that's it safer, because smartphones can't get infected, Lyne said.

There was no reason for the attackers to continue hitting the "walled garden that's the PC" when users are practically inviting them in on the mobile devices, according to Lyne.

The first bank phishing app appeared in the Android Market in January 2010, and Google took the unprecedented step of removing malicious apps from user devices via a remote kill switch in March.

The report listed other high-profile attacks on mobile devices in the past year. In one incident, Vodafone unknowingly shipped Android phones with SD cards preloaded with the Mariposa Trojan which infected Windows PCs when they devices were connected. The iPhone is at risk because malicious apps can obtain user data and transmit it to a third-party server, the report found.

"In most cases, application developers used pre-packaged code purchased from advertising agencies, originally intended to collect device information that could be used to build advertising profiles of the device user," Juniper said in the study.

While RIM BlackBerry devices and Apple iPhones are not under as intense attack, Juniper warned that spyware apps such as FlexiSpy, Mobile Spy and MobiStealth are large threats to the platform.

Lyne noted that there are no security software available for the iPhone in the Apple's app store. The company is not letting users protect themselves, Lyne said.

Juniper also warned that the increase in Wi-Fi enabled devices could result in more man-in-the-middle attacks, especially as people continue to trust public Wi-Fi hotspots.