Malware threats targeting Google’s (NASDAQ:GOOG) open-source Android operating system returned with a vengeance during the second quarter after declining slightly during the first three months of 2013, increasing 35 percent to achieve growth rates not seen since early last year, security solutions firm McAfee reports.
“This quarter ‘backdoor’ Trojans, which steal data without the victim’s knowledge, and malware that goes after banking login information made up the largest portion of all new mobile malware families,” McAfee said. “Spyware has also been active, and malware authors continue to target activists. Halfway through 2013 we have already collected almost as many mobile malware samples as in all of 2012. Will the count double by the end of the year? That much and more, we expect. This quarter we added more than 17,000 Android samples to our database.”
McAfee also cited sharp increases in Android banking malware. “Many banks implementing two-factor authentication require customers to log into their online accounts using a username, password and a mobile transaction number sent to their mobile device via a text message,” the firm notes. “McAfee Labs researchers identified four significant pieces of mobile malware that capture the traditional usernames and passwords, and then intercept SMS messages containing bank account login credentials. The malicious parties then directly access accounts and transfer funds.”
McAfee researchers additionally identified surges in dating and entertainment apps that dupe consumers into signing up for non-existent premium services, adding that scammers are adding insult to injury by also selling user information and personal data stored on victims’ Android devices. Other mounting threats include Trojanized apps altered to act as spyware that collect large amounts of personal user information and upload the data to the attacker’s server, as well as fake tools like app installers that masquerade as helpful tools but actually install malware.
“The mobile cybercrime landscape is becoming more defined as cybergangs determine which tactics are most effective and profitable,” said McAfee Labs Senior Vice President Vincent Weafer. “As in other mature areas of cybercrime, the profit motive of hacking bank accounts has eclipsed the technical challenges of bypassing digital trust. Tactics such as the dating and entertainment app scams benefit from the lack of attention paid to such schemes, while others simply target the mobile paradigm’s most popular currency: personal user information.”
Security experts have blamed Android fragmentation for the platform’s vulnerabilities, noting that the vast majority of devices run older versions of the Android OS, preventing them from receiving new security measures delivered by Google and leaving users exposed to threats. Critics also maintain that Google has failed to sufficiently police its Google Play digital storefront, making it easy for attackers to distribute malware via Android apps.
– read this release
Bluebox: Android security flaw exposes 99 percent of devices to hacker attack
Lookout: 1M U.S. Android owners have downloaded adware in past year
Android malware disguised as mobile ad network infects up to 9 million devices
ACLU lobbies FTC to probe carriers over Android security
Report: Android malware doubled in 2012, infecting 3 million devices
Apple exec Schiller takes shot at Android over malware headaches