Android Takes Top Spot for New Mobile Malware in Q2, Says McAfee

Android Takes Top Spot for New Mobile Threats: Research Shows Malware Authors May be Porting Symbian Malware Code to Android

In its most recent quarterly threat report released today, McAfee highlighted the growing amount of mobile malware targeting Google’s Android operating system, showing a 76 percent jump in malware targeting Android devices since last quarter. In fact, in the second quarter of 2011, Android OS-based malware surpassed Symbian OS as the most popular target for mobile malware developers, according to McAfee.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs.

According to recent statistics from Google, more than 150 million Android devices have been activated worldwide, with over 550,000 devices activated every day through a network of approximately 39 manufacturers and 231 carriers in 123 countries.

Mobile malware is increasing not just in volume, but also in complexity, often mimicking the same code as PC-based threats and taking advantage of exploits, employing botnet functionality, and using rootkit features for stealth and permanence. Just last week, researchers reported finding GingerMaster, which they claim takes advantage of the most recent root exploit against Android platform 2.3 (also known as Gingerbread).

“Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time,” Weafer added.

Maliciously modified apps are still a popular vector for infecting devices, McAfee says. If crimeware authors can corrupt a legitimate app or game, users will download and install malware on their smartphones by themselves, making the infection process quite simple. According to McAfee, the most popular maliciously modified apps in the quarter were the malware Android/Jmsonez.A, Android/Smsmecap.A, and the Android/DroidKungFu and Android/DrdDreamLite families.

Mobile crimeware authors also continued their tricks with SymbOS/Zitmo.C and BlackBerry/Zitmo.D, which are simple SMS forwarders, the company said.

Porting Symbian Code to Android? 

McAfee researchers noted an interesting discovery with Android/Crusewin.A, a family of premium-rate-sending Trojans. Unlike simpler malware, the Android/Crusewin.A family includes some botnet functions, including the ability to execute orders from a command and control server. The attacker can send SMS messages from an infected device, which can sign up the victim to premium-rate subscription services, and attempt to uninstall software. The latter feature is similar to that of Android/Tcent.A but suffers from a slight problem: Android/Crusewin.A uses uninstall code that works only on Symbian smartphones and cannot run properly on Android, suggesting that malware authors may be porting Symbian Trojan/botnet code to the Android platform.

While growth in mobile malware picked up the pace in the second quarter, McAfee Threats Report: Second Quarter 2011 also showed the continuing upward trend in traditional malware targeting PC platforms, with McAfee seeing approximately 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, making it the busiest first half-year in malware history. With the addition of new malware discovered in Q2 2011, McAfee’s database now contains approximately 65 million malware samples, which McAfee researchers estimate will reach at least 75 million samples by the end of the year.

The full report is available for download here. (Free, No Registration Required) 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
