Android Is the New Windows, at Least for Malware
CREDIT: Google/Creative Commons
The variety and sheer volume of Android malware is growing at an alarming rate, creating an environment similar to the one Windows users have had to contend with for decades, a new report finds.
The Mobile Threat Report for January-March 2013 from Finnish security company F-Secure also found many providers who specialize in writing custom Android malware programs.
"While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend," the report said. "The Android malware ecosystem is beginning to resemble that which surrounds Windows, where highly specialized suppliers provide commoditized malware services."
In the past year, the number of mobile threat families and variants increased by more than 150 percent, from 61 to 149. Of those, 136 were written for Android and 13 for the antiquated mobile OS Symbian.
There were no new mobile threats reported for Apple iOS, BlackBerry phones or any form of Windows Phone.
The report used examples of two pieces of malware, known as "Stels" and "Perkele," that cropped up in the past six months.
Stels originally defrauded victims by secretly sending text messages to premium-rate numbers, but now uses a spam module to trick victims into installing a malicious program with a fake "Flash Player Update" that makes secret expensive phone calls.
Perkele works in conjunction with a PC banking Trojan, such as Zeus, and uses text-message-spying tactics to steal the information to beat two-step login verification protections.
Both Stels and Perkele, and many other nefarious methods of parting victims from their money, are nothing new to traditional desktop environments.
But the report notes that Android users are faced with a much more diverse and menacing malware landscape than they were just one year ago.
F-Secure also noted an uptick in the amount of targeted attacks aimed at Android devices, noting that an Android Trojan was infecting Chinese human-rights activists via the compromised account of a Tibetan dissident.
"Highly targeted attacks against such activists [are] nothing new; they have long been the target of even the small amount of existing Mac malware," the report noted. "Now that it has been demonstrated that Android malware is targeting human-rights activists, it is only a matter of time before such Trojans will be used against countries and governments."
The report points to the importance of treating mobile device security with the same seriousness as traditional PC security. As the relatively new platform grows and is more widely adopted, hackers and criminals will continue to exploit program flaws to cause mischief and for their own financial gain.
Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform, the report said — "and they are drawing inspiration from Windows malware’s approaches."
Android users can best protect themselves by keeping their mobile security software up-to-date and keeping a skeptical eye towards links and messages from strangers.