The recent trend of attackers focusing their attention on mobile platforms such as Android, Symbian and iOS is continuing to accelerate, researchers say, and the threats to smartphones are becoming more and more sophisticated and dangerous.

Android is becoming the focus of much of the attention from attackers these days, thanks to its growing market share, especially in the U.S. Many of the most dangerous recent mobile attacks have targeted the Android platform, including the DroidDream malware, which has been found in dozens of apps in the Android Market in recent months. There also have been some other pieces of malware that employed root exploits to elevate privileges on Android devices, so the level of sophistication of attacks on the platform is advancing steadily.

“As we watch steady, significant growth in the mobile malware threat landscape, many of the same functions and features of PC-based threats are already part of the codebase. Mobile threats already take advantage of exploits, employ botnet functionality, and even use rootkit features for stealth and permanence,” McAfee said in its research report for the second quarter. “Maliciously modified apps are still a popular vector for infecting devices: Corrupt a legitimate app or game and users will download and install malware on their smartphones by themselves.”

The company found that malware targeting the Android platform was by far the most prevalent in the second quarter, more than triple the amount that targeted Java Micro Edition and far more than any other mobile platform, such as Symbian or BlackBerry. Targeted malware for Apple’s iOS was essentially non-existent in the quarter, a fact that may be attributable to the difficulty of getting access to the iOS code itself as well as to some of the security improvements that Apple has made, including sandboxing and exploit mitigations.

Interestingly, McAfee also found that AutoRun malware was the most prevalent kind of threat in every region of the world except for Europe/Middle East and Australia. AutoRun also was the top global malware threat for the second quarter. AutoRun malware has been a focus for security companies and Microsoft researchers for quite a while now, and Microsoft earlier this summer said that its own research had found that AutoRun infections were declining sharply. In February Microsoft had begun releasing updates for various platforms that changed the way that Windows machines handled AutoRun on various media.

“These infections started their decline when the update was released and in May hit an all-time low. (There was a small uptick in April, but that was likely caused by a second MSRT release at the end of that month.) In comparison to the three months prior to the update, we saw 1.3 million fewer infections on Windows Vista and XP from February to May,” the blog post by Holly Stewart said.

Categories: Malware, SMB Security

Comments (2)

  1. jonny

    Reports like this frustrate me. I bought an $800 HTC Desire HD early this year. I cannot root it without voiding the warranty. I cannot kill the thousands of looped processes which spawn instantly when I use an app which claims to be able to. I can do nothing. Anti-malware solutions do nothing. The thousands of pages of unbelievable logs recorded by the “Report to HTC” feature – which mention the word “remote” far too often for comfort – are never looked at by anyone at HTC or Google. I’ve taken the phone in to HTC Service Center multiple times, and I wait.

    I stare at marketing banners telling me that HTC is all about solutions and saying “Yes!” to customers. I stare for hours, wishing I could appreciate the irony of a marketing poster informing me that HTC always has a “little just waiting under the surface, to delight and surprise” customers.

    I don’t get it. Hidden cached processes for hundreds of default apps I never need, which sync with Microsoft apps I’ve never even used (let alone set up for sync) – this is “under the surface”? I don’t think so. And HTC Thailand’s answer is that I cannot delete their 100 default 2.3 apps, if I root my phone I root my warranty – and that I “shouldn’t complain, as many customers find those features very useful”.

    Law / social decorum permits them to say this – to my face – but if I respond proportionately, I’ll have caused a scene or (depending on how proportional) go to prison for destroying months of their lives and needlessly destroying obscene $ worth of property. This is the law. So I sigh, and thank them.

    I’d root the phone, but I couldn’t work it out. So I took it into the guys that root phones for a living. They couldn’t do it, either. I guess I’ll throw it out? Articles like this annoy me, because maybe you shouldn’t report what companies claim, as if the figures were remotely factual.

    Let me introduce you to the concept of “marketing”. You may have heard of it? Have you heard of HTC? They always have a little bit in reserve, just under the surface, waiting to surprise and delight you. Just don’t reject their imposed ‘services’ – or they might just go ahead and reformat your attitude.

  2. Anonymous

    wow… so many things wrong with that post… rooting it will allow you to disable and uninstall various things, but the reason they don’t want you rooting it is that it increases the chance of virus infection PLUS it removes the ability to support the system (it’s like saying you support linux and then realize there are a billion different installations and you can’t support my backtrack installation (or DSL linux or slax or …)). All phone manufacturers toss extra software in the background. Windows phone does, iphone does, and android does. Some applications are required to run in the background, some are there to make your phone more “efficient” given specific circumstances. If you read your TOS, you will know what you are allowed to do with your phone and what you are not allowed to do. With android 2.3, you can disable and uninstall a lot of apps and services that you do not use (I can get mine down to about 30 apps which are only critical system apps if I wanted, but I use my phone for more than just a phone).

    I imagine that most of their “100 default 2.3 apps” are not running constantly and the ones that are are probably system critical apps. When I check my services to see what is constantly running, I have maybe 10 apps that it lists, plus the 5 I know are in the background that are not listed. I have downloaded tons of apps and have yet to get a virus. It is easy to steer clear of viruses as the phone tells you what permissions the app is looking for… if you can read you should not get a virus on your phone… for example, if a game is saying it needs admin (root) permissions on your phone, it is probably a bad idea to install it (there are exceptions such as lookout).

    And if you don’t like all of the apps reporting stuff back, turn off the data network and wifi. No internet access, no data reporting. Or root it. There is no way they can tell on their end and if your phone does screw up, just un-root it then bring it back in… ain’t that hard to do.
