Spike in mobile malware doubles Android users' chances of infection
'Startup phase of mobile malware' shows experimentation by attackers, says expert
Computerworld - An explosion in mobile malware during the last six months has more than doubled the chance that a user's Android smartphone will become infected, a security researcher said today.
According to Lookout Security, which develops anti-malware software for Android but not for Apple's iPhone, the likelihood of an Android owner encountering malware has jumped by two-and-a-half times since January.
By June, between 1% and 5% of Android users -- the number varies by country -- had been infected by mobile malware, said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout.
Mahaffey blamed a dramatic spike in malware targeting Android for improving hackers' odds. "In January, we saw only 80 unique pieces of Android malware, but by the end of June we tracked over 400," said Mahaffey.
Lookout used its Mobile Threat Network, which analyzes apps acquired from both official and independent markets, and the malware-detection results from its security software, to come up with its statistics.
The Android malware problem shot into public view in early March, when Google yanked more than 50 apps infected with the "DroidDream" malware from the Android Marketplace, then continued with several more clusters found on Google's official download site and on third-party markets -- particularly those in China.
The rogue app model -- where attackers pirate a legitimate program, add malicious code and then re-release the app into the wild -- will continue to be the biggest mobile malware threat to Android users. "Repackaging [legitimate] apps will remain popular, simply because it's very effective," Mahaffey said.
But malware makers are getting more innovative, added Mahaffey, who declined to use the word "clever" to describe attackers' evolving tactics.
A new distribution channel, dubbed the "upgrade attack" by Mahaffey, has been used by at least one malware family to increase the pool of potential victims. An upgrade attack sidesteps the problem that hackers face when they release an infected app: The relatively small window of opportunity before their work is discovered and the app pulled from the Android Market or other download site.
"We've started to see [attackers] publish a clean app, then wait for a while before offering an update that's infected," said Mahaffey. "Because most people automatically update their apps, there's less time that the malware is on the market before it's installed by a lot of people."
Hackers are experimenting with different distribution models and various ways to monetize their work, Mahaffey observed.
"How do they get onto the device, and then how do they make money ... both are important," he said. "Mobile malware is now in the experimental stage, where attackers try innovative techniques to distribute their malware, and are engaging in experimental monetization."