Android Malware Increasing, AutoRun Attacks Still Prevalent

The recent trend of attackers focusing their attention on mobile platforms such as Android, Symbian and iOS is continuing to accelerate, researchers say, and the threats to smartphones are becoming more and more sophisticated and dangerous.

Android is becoming the focus of much of the attention from attackers these days, thanks to its growing market share, especially in the U.S. Many of the most dangerous recent mobile attacks have targeted the Android platform, including the DroidDream malware, which has been found in dozens of apps in the Android Market in recent months. There also have been some other pieces of malware that employed root exploits to elevate privileges on Android devices, so the level of sophistication of attacks on the platform is advancing steadily.

“As we watch steady, significant growth in the mobile malware threat landscape, many of the same functions and features of PC-based threats are already part of the codebase. Mobile threats already take advantage of exploits, employ botnet functionality, and even use rootkit features for stealth and permanence,” McAfee said in its research report for the second quarter. “Maliciously modified apps are still a popular vector for infecting devices: Corrupt a legitimate app or game and users will download and install malware on their smartphones by themselves.”

The company found that malware targeting the Android platform was by far the most prevalent in the second quarter, more than triple the amount that targeted Java Micro Edition and far more than any other mobile platform, such as Symbian or BlackBerry. Targeted malware for Apple’s iOS was essentially non-existent in the quarter, a fact that may be attributable to the difficulty of getting access to the iOS code itself as well as to some of the security improvements that Apple has made, including sandboxing and exploit mitigations.

Interestingly, McAfee also found that AutoRun malware was the most prevalent kind of threat in every region of the world except for Europe/Middle East and Australia. AutoRun also was the top global malware threat for the second quarter. AutoRun malware has been a focus for security companies and Microsoft researchers for quite a while now, and Microsoft earlier this summer said that its own research had found that AutoRun infections were declining sharply. In February Microsoft had begun releasing updates for various platforms that changed the way that Windows machines handled AutoRun on various media.

“These infections started their decline when the update was released and in May hit an all-time low. (There was a small uptick in April, but that was likely caused by a second MSRT release at the end of that month.) In comparison to the three months prior to the update, we saw 1.3 million fewer infections on Windows Vista and XP from February to May,” the blog post by Holly Stewart said.


  • jonny on

    Reports like this frustrate me. I bought a $800 HTC Desire HD early this year. I cannot root it without voiding the warranty. I cannot kill the thousands of looped processes which spawn instantly when I use an app which claims to be able to. I can do nothing. Anti-malware solutions do nothing. The thousands of pages of unbelievable logs recorded by the "Report to HTC" feature - which mention the word "remote" far too often for comfort - are never looked at by anyone at HTC or Google. I've taken the phone in to HTC Service Center multiple times, and I wait.

    I stare at marketing banners telling me that HTC is all about solutions and saying "Yes!" to customers. I stare for hours, wishing I could appreciate the irony of a marketing poster informing me that HTC always has a "little just waiting under the surface, to delight and surprise" customers.

    I don't get it. Hidden cached processes for hundreds of default apps I never need, which sync with Microsoft apps I've never even used (let alone set up for sync) - this is "under the surface"? I don't think so. And HTC Thailand's answer is that I cannot delete their 100 default 2.3 apps, if I root my phone I root my warranty - and that I "shouldn't complain, as many customers find those features very useful".

    Law / social decorum permits them to say this - to my face - but if I respond proportionately, I'll have caused a scene or (depending on how proportional) go to prison for destroying months of their lives and needlessly destroying obscene $ worth of property. This is the law. So I sigh, and thank them.

    I'd root the phone, but I couldn't work it out. So I took it into the guys that root phones for a living. They couldn't do it, either. I guess I'll throw it out? Articles like this annoy me, because maybe you shouldn't report what companies claim, as if the figures were remotely factual.

    Let me introduce you to the concept of "marketing". You may have heard of it? Have you heard of HTC? They always have a little bit in reserve, just under the surface, waiting to surprise and delight you. Just don't reject their imposed 'services' - or they might just go ahead and reformat your attitude.
