Malware For Android Users Increases In Frequency And Sophistication
The folks at Lookout Mobile Security released the 2011 Mobile Threat Report, which offers a sobering look at the current state of mobile threats. According to the report, mobile users are more likely than ever to experience a malware attack, and the tactics that cybercriminals are employing are increasingly sophisticated.
The news is worse for Android users, as most of those threats are targeted at them. Apparently that walled garden Apple built is good for something, at least for now; the report states that although issues of privacy and application vulnerabilities affect both iOS and Android platforms, Android is far and away the greater target of malware and spyware.
Although spyware has been a problem for a while now, the prevalence of malware is quickly on the rise for Android devices. In January of this year, spyware made up 66% of mobile threats compared to 34% from malware; by June, those percentages had shifted considerably, to 52% and 48%, respectively.
Further, the sheer number of unique infected and/or malicious apps skyrocketed from 80 to 400 in that same time period.
In other words, if this trend continues at anything close to that rate, malware is going to be the dominant security threat to Android users. It may be already.
The tactics that baddies are using are as impressive as they are worrisome. Techniques include cloning a legitimate app and packing it with nasty code; using misleading disclosures; posting in-app mobile ads that lead to malware (“malvertising”); and a tactic wherein a malware maker releases a clean app but then packs malicious code into an update. Recently, researchers uncovered an Android-specific Trojan that actually records phone calls.
It’s no surprise that mobile malware threats are proliferating. Mobile devices are increasingly powerful little machines that users rely on more and more for general computing tasks, as well as for storing sensitive personal information. But with additional capabilities comes greater complexity, and complex systems tend to have more bugs and holes that can be exploited.
Lookout offers some tips on preventing threats, although most of them sound rather similar to what you’d tell any computer user: only download apps from reputable sources (and scope out the developer), be sure a link takes you to where it says it will, install security software that will watch for and prevent threats, look for any odd device behavior, and install your firmware updates when prompted.
The news is worse for Android users, as most of those threats are targeted at them. Apparently that walled garden Apple built is good for something, at least for now; the report states that although issues of privacy and application vulnerabilities affect both iOS and Android platforms, Android is far and away the greater target of malware and spyware.
Although spyware has been a problem for a while now, the prevalence of malware is quickly on the rise for Android devices. In January of this year, spyware made up 66% of mobile threats compared to 34% from malware; by June, those percentages had shifted considerably, to 52% and 48%, respectively.
Further, the sheer number of unique infected and/or malicious apps skyrocketed from 80 to 400 in that same time period.
In other words, if this trend continues at anything close to that rate, malware is going to be the dominant security threat to Android users. It may be already.
The tactics that baddies are using are as impressive as they are worrisome. Techniques include cloning a legitimate app and packing it with nasty code; using misleading disclosures; posting in-app mobile ads that lead to malware (“malvertising”); and a tactic wherein a malware maker releases a clean app but then packs malicious code into an update. Recently, researchers uncovered an Android-specific Trojan that actually records phone calls.
It’s no surprise that mobile malware threats are proliferating. Mobile devices are increasingly powerful little machines that users rely on more and more for general computing tasks, as well as for storing sensitive personal information. But with additional capabilities comes greater complexity, and complex systems tend to have more bugs and holes that can be exploited.
Lookout offers some tips on preventing threats, although most of them sound rather similar to what you’d tell any computer user: only download apps from reputable sources (and scope out the developer), be sure a link takes you to where it says it will, install security software that will watch for and prevent threats, look for any odd device behavior, and install your firmware updates when prompted.
