Mobile malware targeting Google Android devices exploded in the first few months of 2012, according to a new report from McAfee.
Nearly 7,000 Android threats were identified and collected through the end of the 2012 first quarter, according to McAfee’s threat report.
This represents a more than 1,200 percent increase when compared with the 600 Android samples identified by the company by the end of 2011. The majority of these threats originate from third-party app stores as opposed to Google Play, the security firm said.
“I’d definitely steer clear of any third-party sites providing Android apps,” said Adam Wosotowsky, messaging data architect at McAfee Labs.
“The Android marketplace is open to anyone who wants to put their app on it unless that app doesn’t pass Google’s multi-layered quality checks. So you obviously wouldn’t want an app that couldn’t be put onto Android’s marketplace and I can’t think of any good reasons why a developer would say that they don’t want their app on the Android marketplace but want it on third-party sites,” Wosotowsky said.
Malware targeting Windows PCs jumped as well, reaching the highest level detected in a single quarter in four years, according to the firm. In the fourth quarter of 2011, McAfee Labs had collected more than 75 million malware samples.
In the first quarter of 2012, the company detected 83 million pieces. Driving that increase was a bump in the number of rootkits and password stealers, with the latter reaching approximately 1 million samples. The main medium for propagating highly targeted attacks is email, with nearly all targeted attacks beginning with a spear phishing message.
Earlier this year, Google announced it was improving security for Android’s app marketplace with a malware detection system nicknamed “Bouncer,” which analyzes new applications before they are sold in the market to see if they contain known malware.
Financial profit is the main motivator for mobile malware, according to McAfee. Overall, 8,000 total mobile malware samples were collected during the quarter.
Though Mac malware was in the news during the past two months due to growth of the Flashback Trojan, the amount of Mac malware is still relatively tiny. According to McAfee, roughly 250 new Mac malware samples were detected in the quarter.
The botnet business continues to thrive, though global spam levels dropped to approximately 1 trillion monthly spam messages by the end of March. Decreases were the most significant in Brazil, Indonesia, Brazil and Russia, while China, Germany, Spain, Poland and the U.K. saw increases.
Botnet growth increased in the first quarter, reaching nearly five million infections at its highest point. Colombia, Japan, Poland, Spain, and the United States were the areas with the largest increase in botnet activity, while Indonesia, Portugal and South Korea were regions that continued to decline. The most prevalent botnet during the quarter was Cutwail, with more than two million new infections.
The United States was found to host most botnet control servers and is the location point for the vast majority of new malicious Websites, with an average of 9,300 new bad sites recorded each day. The United States was also the primary source of SQL injection and cross-site scripting attacks during the quarter, and had the highest number of victims of both kinds of attacks, the report stated.
“In the first quarter of 2012, we have already detected eight million new malware samples, showing that malware authors are continuing their unrelenting development of new malware,” said Vincent Weafer, senior vice president of McAfee Labs, in a statement.
“The same skills and techniques that were sharpened on the PC platform are increasingly being extended to other platforms, such as mobile and Mac; and as more homes and businesses use these platforms the attacks will spread, which is why all users, no matter their platforms, should take security and online safety precautions,” Weafer’s statement said.
According to McAfee, the number of malicious Android apps surged from the hundreds to the thousands in the first quarter of 2012, compared to the same period last year.
In “McAfee Threats Report: First Quarter 2012,” the company reported that the number of mobile threats on Android reached 7,000 samples, while Symbian, Java ME (mobile edition), and “others” combined reached only 1,000.
Adam Wosotowsky, messaging data architect at McAfee Labs, attributed at least half of the newly detected malware to McAfee’s better detection methods, such as identifying more third-party app stores and improving its scanning technology. Even taking this into consideration, he estimates Android malware has “definitely more than doubled” since the same time last year.
Not the “Year of Android Malware” Yet…
The figures are alarming, but it’s still fairly easy to keep your Android devices clean of malware. For starters, steer clear of third-party app stores (outside Google Play or Amazon App Store for Android). Unlike in the PC environment where worms can spread without any user involvement, mobile infections still rely on users installing malicious apps. Most Android malware still originates from and targets users in China and Russia, and gets distributed through non-official app stores.
However, attackers are becoming more sophisticated in their methods. In early May, Lookout Mobile Security reported a primitive sort of drive-by download, where attackers used compromised websites to trick Android users into installing the “NotCompatible” Trojan. When a user visited a compromised website, the malicious app would automatically begin downloading. However, the user would still be prompted to install the app before it could exploit anything.
McAfee also found “significant amounts” of new adware, which even security-conscious Android owners can catch from official app stores.
Mobile adware refers to code within ad networks that can access more data and perform more functions on your device than you’re probably aware of. For example, in January, vendors Symantec and Lookout squabbled over the shade of grey of one particularly aggressive ad network being used to monetize free Android apps. Symantec initially identified it as malware called “Android.Counterclank,” but hours later, Lookout Mobile Security said the SDK in question was really an aggressive ad network called “Apperhand” that placed a search icon on your mobile desktop without your permission, and pushed ads through the notice bar.
Google Play doesn’t block adware (after all, it runs one of the most ubiquitous ad networks, AdMob), which can be a bigger problem for Android owners.
Fortunately, many vendors now offer ad network detectors that explain what the ad network dropped in your Angry Birds Lite can do. Check out Lookout Ad Network Detector or TrustGo Ad Detector for such tools.
As far as mobile security suites go, Lookout for Android is PCMag’s Editors’ Choice for Android security, but other high-performing malware detectors include F-Secure Mobile Security 7.6 and McAfee Mobile Security 2.0. All have free versions that include a quick malware scan.