Android: Everyone's favorite new malware target

McAfee's recently released Threats Report for the second quarter shows startling growth in malware targeting Android devices.

Year-over-year smartphones exploits have exploded. McAfee released its Threats Report for the second quarter of 2012 [PDF] today, reporting dramatic year-over-year growth of mobile malware and citing Android as the favored target of black hat mobile hackers. This is a well-written "state of security" study that includes a detailed data analysis and a few ironic philosophic references, such as Albert Camus’s Myth of Sisyphus as a metaphor for the task of fighting malware.

The dramatic increase in mobile malware can be attributed to the growth in popularity of smartphones. Smartphones are full-scale internet-connected computers and suffer from the same types of vulnerabilities of other computers. What is different is malware developers can use formerly successful exploits for PCs to retarget smartphones. McAfee security expert Toralv Dirro said "mobile malware infections such as Trojans that autodial expensive premium services have been extinct on PCs since the year 2000. Now, because of the high rate of new app acquisitions and replacement of many PC activities by consumers with mobile devices and the low rate of anti-malware use, smartphones are an attractive new target for experienced hackers."

RELATED: 18 great IT tools for Android

How iOS growth underscores Google's brilliant Android strategy

One of the major threat vectors to Android is caused by mobile phone carriers. Carriers rarely provide updates to smartphones that fix vulnerabilities. Over 75% of the Android smartphones are running version 2.3X (released December 6, 2010) or earlier versions. As a result, vulnerabilities that have been repaired have not been released and downloaded to older smartphones by a software management system like those used to update PCs with the latest security patches. Compared to the total number of malware incidences recorded on McAffee’s database for all operating systems numbering around 90 million, the 14,000 mobile malware instances is small. However, they have a longer lifespan after discovery because of carriers’ policies.

Since the vulnerabilities are not patched when discovered there is no reason for the black hat hacker to move on and create a new exploit of a new vulnerability as he would have if his attack targeted PCs. He can instead work to perfect the attack of his old exploit by improving his SEO to attract more potential victims for a drive-by download or incorporate his exploit in attractive apps and try to introduce them to the Play Store and unofficial app stores.

The rate of growth of mobile malware has decreased 30% quarter over quarter. McAfee’s Dirro said “this decrease needed more time and perhaps another quarter or two to understand if this was a trend."

Perhaps this occurred because new phones are shipping with newer and better Android software. The distribution of Android version 4.0.X is now approximately 20% of shipments, so many known exploits of early versions have been fixed.

But it would be a terrible blow to Android innovation if the approach to PC security were adopted by Android and it was locked down, applications were manually white and black listed, and consumers were afraid to install apps. Android users should take McAfee’s advice to Mac users, that "these threats should be taken seriously and Mac users should take precautions. It’s simple: Malware can be written for any operating system and platform."

According to Dirro "most smartphones and tablets are not protected." The good news for the consumer is anti-malware software is getting better. Independent antivirus advisory AV-test.org reported in March that its testing produced 10 Android anti-malware products that detected more than 90% Android malware infections.

[Image Source: McAfee]

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT