Spike in mobile malware doubles Android users' chances of infection
'Startup phase of mobile malware' shows experimentation by attackers, says expert
Computerworld - An explosion in mobile malware during the last six months has more than doubled the chance that a user's Android smartphone will become infected, a security researcher said today.
According to Lookout Security, which develops anti-malware software for Android but not for Apple's iPhone, the likelihood of an Android owner encountering malware has jumped by two-and-a-half times since January.
By June, between 1% and 5% of Android users -- the number varies by country -- had been infected by mobile malware, said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout.
Mahaffey blamed a dramatic spike in malware targeting Android for improving hackers' odds. "In January, we saw only 80 unique pieces of Android malware, but by the end of June we tracked over 400," said Mahaffey.
Lookout used its Mobile Threat Network, which analyzes apps acquired from both official and independent markets, and the malware-detection results from its security software, to come up with its statistics.
The Android malware problem shot into public view in early March, when Google yanked more than 50 apps infected with the "DroidDream" malware from the Android Marketplace, then continued with several more clusters found on Google's official download site and on third-party markets -- particularly those in China.
The rogue app model -- where attackers pirate a legitimate program, add malicious code and then re-release the app into the wild -- will continue to be the biggest mobile malware threat to Android users. "Repackaging [legitimate] apps will remain popular, simply because it's very effective," Mahaffey said.
But malware makers are getting more innovative, added Mahaffey, who declined to use the word "clever" to describe attackers' evolving tactics.
A new distribution channel, dubbed the "upgrade attack" by Mahaffey, has been used by at least one malware family to increase the pool of potential victims. An upgrade attack sidesteps the problem that hackers face when they release an infected app: The relatively small window of opportunity before their work is discovered and the app pulled from the Android Market or other download site.
"We've started to see [attackers] publish a clean app, then wait for a while before offering an update that's infected," said Mahaffey. "Because most people automatically update their apps, there's less time that the malware is on the market before it's installed by a lot of people."
Hackers are experimenting with different distribution models and various ways to monetize their work, Mahaffey observed.
"How do they get onto the device, and then how do they make money ... both are important," he said. "Mobile malware is now in the experimental stage, where attackers try innovative techniques to distribute their malware, and are engaging in experimental monetization."
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts