Page 2 of 2
The Mobile Threat Report points to evidence suggesting that Android malware “are focusing on utilizing the native component, and only downloading a root exploit when needed.” It goes on to say that the root exploit is often deleted by the malware itself, in an effort to cover its tracks.
The majority of the attacks, according to the report, are SMS bugs that send messages to premium numbers, thereby racking up fees. Most of these exploits are found on third-party sites, but a few have reportedly found their way into the mainstream Android market.
The exposures not only pose risks to the garden variety of Android user but also require a fresh look at how compliance requirements are executed in targeted vertical markets.
“People are going to have to look at their compliance issues, whether it be Sarbanes-Oxley, PCI, HIPAA, or anything else, and then recognize and address the security exposures that stem from mobile devices,” added Sacramento Technology Group’s Usi. “If you miss the mobile devices, you’re as good as dead. The safest thing you can do at the moment is to make sure you’re using VPNs and multi-factor authentication.”