Android Malware Tops Charts In Q2: Report


Malware targeting the Android mobile operating system outpaced all others during the second quarter of 2011, representing a sharp upward spike that positions Google’s platform as a prime target for anticipated mobile attacks down the road, according to a McAfee threat report.

These and other findings were revealed in McAfee Threats Report: Second Quarter 2011, released Tuesday.

Android malware comprised about 60 percent of the total 1,200 mobile malware samples collected by McAfee researchers during the second quarter, representing a 76 percent from Q1, according to the report. During the second quarter, malware targeting the Android platform rose from third to first place, surpassing second place Java Micro Edition (ME) by a factor of three, and malware written for the Symbian platform, which came in third.

”This increase in threats to such a popular platform should make us evaluate our behavior on mobile
devices and the security industry’s preparedness to combat this growth,” wrote McAfee researchers in the report.

Toralv Dirro, security strategist for McAfee Labs, said that the total number "was not as impressive at the moment compared to what we are seeing on the PC side," although the rapid growth was still significant.

Researchers at McAfee said that the current crop of for-profit Android threats emulates similar PC threats, which take advantage of exploits, employ botnets and use rootkit features to avoid detection and hide their tracks when they compromise a legitimate app or game.

“The quality of the malware has changed compared to recent years,” Dirro said. “We also see the same kind of Trojans that we see on the PC emerging on mobile platforms, that are able to steal information. Trojans that give the attacker complete control over the device itself.”

The large majority of the most popular detected Trojanized apps during the second quarter infected users by sending SMS, or text, messages to premium services. “It’s an easy way for criminals to make money,” Dirro added.

Some of the most popular Android malware included the Android/Smsmecap.A, a modified version of a legitimate comedy app which first appeared on May 21, the date of an alleged “Rapture,” and was designed to send humorous and anti-Christian SMS messages to all the contacts stored on the user’s mobile device.

Also high on the list was the Android/Jmsonez.A, a version of an infected calendar app that displays the calendar for January 2011. Malware is triggered that sends SMS messages to a premium rate number if the user attempts to change the month to another date.

Meanwhile, Dirro said that while Android comprised the majority of malware, it was “certainly not the only attacked platform. We’ve also seen malware for other operating systems as well.”

One prolific example included two pieces of crimeware known as SymbOS/Zitmo.C for the Symbian platform as well as a correlating BlackBerry/Zitmo.D, both of which are simple SMS forwarders that compromise a user’s mobile device.

“More and more people are using smartphones or iPads for Web surfing and online shopping,” Dirro said. “With those devices being used more in business expect that this trend of mobile malware and more attacks against mobile devices to continue.”

Other findings from the report include the rise of hacktivism, propelled by global collectives such as Anonymous and LulzSec and an increase in fake antivirus for the Mac OS X.

Meanwhile, other threats are trending downward, such as spam, which continues to be at an all-time low, in part because of the take-downs of high profile spam botnets Bredolab at the end of 2010 and Rustock, decapitated earlier in 2011.