Mobile malware is on track to double again in 2011, as it has every year since 2007, according to a report from Kaspersky Lab. Malicious programs for mobile devices, that were reported three years ago, today resemble PC viruses and platforms like Google’s Android have become a hacker’s target of choice.
The rising popularity of Android platform — Canalys data suggests that 35.7 million Android-supported units were shipped in the first quarter this year increasing its share to 35 per cent globally. Asia-Pacific is the largest smartphone market region, and Canalys estimates that China, South Korea and India delivered the strongest volumes and registered triple-digit growth.
“Given that the platform is in its early stages combined with its increasing popularity, it is very likely that attacks on Android will significantly increase in the years to come,” says Vinoo Thomas, technical product manager, McAfee Labs. Some of the Android specific malware that McAfee has discovered are “Fake Player Codec” that poses as a media player application but once installed starts sending premium-rated text messages. Another Android malware Geinimi poses as a legitimate application and is the first Android malware in the wild that displays botnet-like capabilities. “Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allows the owner of that server to control the phone,” Thomas details. In such a situation, an attacker can remotely send location co-ordinates of the user, transmit device identifiers, install malicious applications, read or send SMS, access e-mails or corporate data if the user has such data on the device — in short potentially access and use any device, personal or corporate information that is on the phone for malicious gains.
Denis Maslennikov, senior malware analyst (Mobile Research Group Manager), Kaspersky Labs claims, “Seven per cent of all mobile malware we have discovered is created for Android devices. Cybercriminals are becoming more and more interested in this platform now. The number of modifications of Android malware has already outrun the number of modifications of Windows Mobile malware.” He admits that the level of sophistication of Android malware is expected to continue. “It is easy to write code for Android, easy to make changes to existing applications, and there is a large group of users to attack,” Maslennikov adds. A Symantec security expert, Mario Ballano, wrote in an official blog that Android malware is spreading mostly through compromised versions of legitimate applications, available on unregulated third-party Android marketplaces.
Devices running on the Symbian and Microsoft Windows Mobile, which are the oldest mobile platforms, were the prime targets by cybercriminals. Juniper Networks Global Threat Center recently reported polymorphic malware, which changes its characteristics during propagation to avoid detection, on the Symbian and Microsoft Windows Mobile platforms.
