Android Takes Top Spot for New Mobile Threats: Research Shows Malware Authors May be Porting Symbian Malware Code to Android
In its most recent quarterly threat report released today, McAfee highlighted the growing amount of mobile malware targeting Google’s Android operating system, showing 76 percent jump in malware targeting Android devices since last quarter. In fact, in the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers, according to McAfee.
“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs.
According to recent statistics from Google, more than 150 million Android devices have been activated worldwide, with over 550,000 devices activated every day through a network of approximately 39 manufacturers and 231 carriers in 123 countries.
Mobile malware is increasing not just in volume, but also in complexity, often mimicking the same code as PC-based threats and taking advantage of exploits, employing botnet functionality, and using rootkit features for stealth and permanence. Just last week, researchers reported finding GingerMaster, which they claim takes advantage of the most recent root exploit against Android platform 2.3 (also known as Gingerbread).
“Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time,” Weafer added.
Maliciously modified apps are still a popular vector for infecting devices, McAfee says. If crimeware authors can corrupt a legitimate app or game, users will download and install malware on their smartphones by themselves, making the infection process quite simple. According to McAfee, the most popular maliciously modified apps in the quarter were the malware Android/Jmsonez.A, Android/ Smsmecap.A, and the Android/DroidKungFu, and Android/DrdDreamLite families.
Mobile crimeware authors also continued their tricks with SymbOS/Zitmo.C and BlackBerry/Zitmo.D, which are simple SMS forwarders, the company said.
Porting Symbian Code to Android?
McAfee researchers noted an interesting discovery with Android/Crusewin.A, a family of premium-rate–sending Trojans. Unlike simpler malware, the Android/Crusewin.A family includes some botnet functions, including the ability to execute orders from a command and control server. The attacker can send SMS messages from an infected device, which can sign-up the victim to premium-rate subscription services, and attempt to uninstall software. The latter feature is similar to that of Android/Tcent.A but suffers from a slight problem—Android/Crusewin.A uses an uninstall code that works only on Symbian smartphones that cannot run properly on Android, suggesting that malware authors may be porting Symbian Trojan/botnet code to the Android platform.
While growth in mobile malware picked up the pace in the second quarter, McAfee Threats Report: Second Quarter 2011 also showed the continuing upward trend in traditional malware targeting PC platforms, with McAfee seeing approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010 and making it the busiest first half-year in malware history. With the addition of new malware discovered in Q2 2011, McAfee’s database now contains approximately 65 million malware samples, which McAfee researchers estimate will reach at least 75 million samples by the end of the year.
The full report is available for download here. (Free, No Registration Required)