Android becoming Windows of mobile hacking world?

News 23 Aug, 2011

As by far the most targeted mobile OS in Q2, Android looks like it could become the Windows of the cyber crime world.

Android officially became the most attacked mobile operating system by far in the second quarter (Q2), indicating it is emerging as the Windows of the mobile hacking world.

McAfee data showed the amount of Android focused malware spiked 76 per cent in Q2 of 2011, when compared to Q1.

Of all new mobile malware created in the second quarter, approximately two thirds was aimed at Android. The second most targeted platform was Java ME, with around 12 per cent of new malware aimed at the OS.

The Android malware writing scene is heating up as the season of summer holidays is coming to its end.

Symbian was the third most attacked, whilst BlackBerry was fourth. Neither iOS nor Windows Phone 7 even featured in the McAfee rankings.

In its Q2 threat report, McAfee listed a host of Android malware examples that have tried to infiltrate phones via maliciously crafted apps. One examples was the DroidKungFu family, similar to the notorious DroidDream malware, which was able to install additional software and updates.

The overall number of mobile malware samples has doubled since 2009, with Android emerging as the hackers' pick. Microsoft's Windows has been cyber criminals' top choice for years, so Google will be pressing hard to ensure its OS does not become the mobile equivalent.

Mounting evidence?

Meanwhile, the pile of evidence pointing to Android’s popularity amongst cyber criminals has been growing.

Security researchers have picked up on a piece of malware known as Gingermaster, which was discovered in a Chinese alternative Android marketplace.

The malware was spotted hiding within apps offering “Beauty of the day" pictures.

“Apart from displaying the photos, Gingermaster creates a service that steals information from your device, sending it out to a remote website in an HTTP POST request,” explained Sophos researcher Vanja Svajcer, in a blog post.

“The information grabbed includes: user identifier, SIM card number, telephone number, IMEI number, IMSI number, screen resolution and local time… If the root exploit is successful, the system partition is remounted as writable and various additional utilities installed, supposedly to make removal more difficult and allow for additional functionality.”

Svajcer noted how Sophos had recorded a significant spike in Android malware too.

“The Android malware writing scene is heating up as the season of summer holidays is coming to its end,” he added. “Last week, we received a record number of samples which are now waiting to be analysed in detail.”

Trend Micro this week noted on its blog it saw a 1,410 per cent increase in the number of Android malware samples discovered from January to July 2011.

However, as Trend Micro itself said, malware is not a massive issue for Android users just yet.

“Our researchers opine that we have yet to reach a tipping point where malware becomes the biggest security issue for Android-based device users,” said Trend researcher Paul Oliveria.

“The fact that these malicious apps are out there to invade one’s privacy, to take control of a device, and to cost users money because of unnecessary billing charges are some things that should be taken seriously though.”