Android Takes Top Spot for New Mobile Malware in Q2, Says McAfee

Android Takes Top Spot for New Mobile Threats: Research Shows Malware Authors May be Porting Symbian Malware Code to Android

In its most recent quarterly threat report released today, McAfee highlighted the growing amount of mobile malware targeting Google’s Android operating system, showing a 76 percent jump in malware targeting Android devices since last quarter. In fact, in the second quarter of 2011, Android OS-based malware surpassed Symbian OS as the most popular target for mobile malware developers, according to McAfee.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs.

According to recent statistics from Google, more than 150 million Android devices have been activated worldwide, with over 550,000 devices activated every day through a network of approximately 39 manufacturers and 231 carriers in 123 countries.

Mobile malware is increasing not just in volume, but also in complexity, often mimicking the same code as PC-based threats and taking advantage of exploits, employing botnet functionality, and using rootkit features for stealth and permanence. Just last week, researchers reported finding GingerMaster, which they claim takes advantage of the most recent root exploit against Android platform 2.3 (also known as Gingerbread).

“Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time,” Weafer added.

Maliciously modified apps are still a popular vector for infecting devices, McAfee says. If crimeware authors can corrupt a legitimate app or game, users will download and install malware on their smartphones by themselves, making the infection process quite simple. According to McAfee, the most popular maliciously modified apps in the quarter were the malware Android/Jmsonez.A, Android/Smsmecap.A, and the Android/DroidKungFu and Android/DrdDreamLite families.

Mobile crimeware authors also continued their tricks with SymbOS/Zitmo.C and BlackBerry/Zitmo.D, which are simple SMS forwarders, the company said.

Porting Symbian Code to Android? 

McAfee researchers noted an interesting discovery with Android/Crusewin.A, a family of premium-rate–sending Trojans. Unlike simpler malware, the Android/Crusewin.A family includes some botnet functions, including the ability to execute orders from a command and control server. The attacker can send SMS messages from an infected device, which can sign the victim up for premium-rate subscription services, and can attempt to uninstall software. The latter feature is similar to that of Android/Tcent.A but suffers from a slight problem: Android/Crusewin.A uses uninstall code that works only on Symbian smartphones and cannot run properly on Android, suggesting that malware authors may be porting Symbian Trojan/botnet code to the Android platform.

While growth in mobile malware picked up the pace in the second quarter, the McAfee Threats Report: Second Quarter 2011 also showed the continuing upward trend in traditional malware targeting PC platforms, with McAfee seeing approximately 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, making it the busiest first half-year in malware history. With the addition of new malware discovered in Q2 2011, McAfee’s database now contains approximately 65 million malware samples, which McAfee researchers estimate will reach at least 75 million samples by the end of the year.

The full report is available for download here. (Free, No Registration Required) 

Suggested Reading: Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

Suggested Reading: Attacks on Mobile and Embedded Systems: Current Trends

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
