Spike in mobile malware doubles Android users' chances of infection
'Startup phase of mobile malware' shows experimentation by attackers, says expert
Computerworld - An explosion in mobile malware during the last six months has more than doubled the chance that a user's Android smartphone will become infected, a security researcher said today.
According to Lookout Security, which develops anti-malware software for Android but not for Apple's iPhone, the likelihood of an Android owner encountering malware has jumped by two-and-a-half times since January.
By June, between 1% and 5% of Android users -- the number varies by country -- had been infected by mobile malware, said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout.
Mahaffey blamed a dramatic spike in malware targeting Android for improving hackers' odds. "In January, we saw only 80 unique pieces of Android malware, but by the end of June we tracked over 400," said Mahaffey.
Lookout used its Mobile Threat Network, which analyzes apps acquired from both official and independent markets, and the malware-detection results from its security software, to come up with its statistics.
The Android malware problem shot into public view in early March, when Google yanked more than 50 apps infected with the "DroidDream" malware from the Android Marketplace, then continued with several more clusters found on Google's official download site and on third-party markets -- particularly those in China.
The rogue app model -- where attackers pirate a legitimate program, add malicious code and then re-release the app into the wild -- will continue to be the biggest mobile malware threat to Android users. "Repackaging [legitimate] apps will remain popular, simply because it's very effective," Mahaffey said.
But malware makers are getting more innovative, added Mahaffey, who declined to use the word "clever" to describe attackers' evolving tactics.
A new distribution channel, dubbed the "upgrade attack" by Mahaffey, has been used by at least one malware family to increase the pool of potential victims. An upgrade attack sidesteps the problem that hackers face when they release an infected app: The relatively small window of opportunity before their work is discovered and the app pulled from the Android Market or other download site.
"We've started to see [attackers] publish a clean app, then wait for a while before offering an update that's infected," said Mahaffey. "Because most people automatically update their apps, there's less time that the malware is on the market before it's installed by a lot of people."
Hackers are experimenting with different distribution models and various ways to monetize their work, Mahaffey observed.
"How do they get onto the device, and then how do they make money ... both are important," he said. "Mobile malware is now in the experimental stage, where attackers try innovative techniques to distribute their malware, and are engaging in experimental monetization."