Android now 'mobile world's equivalent' of Windows for hackers

The difference between Windows and Android malware is that the latter is evolving much quicker

The capabilities of malware targeting the market-leading Android platform are mimicking those of Trojans that have wrung profits from Windows PC users for years, a new study shows.

With nearly an 80 percent market share, Android's mobile dominance parallels Windows in the PC world, making Google's operating system the "mobile world's equivalent," Kaspersky Lab said in its latest Threat Evolution report, released on Thursday.

The difference between Windows and Android malware is that the latter is evolving much quicker, as criminals borrow from what they learned in targeting PCs since the 1990s.

"The evolution of Android malware has gone much more quickly than the evolution of Windows malware," Roel Schouwenberg, a senior researcher for Kaspersky Lab, told CSOonline.

The peak in Android malware development so far was Backdoor.AndroidOS.Obad.a, which Kaspersky labeled in June as the most sophisticated mobile Trojan to date. Capabilities included opening a backdoor for downloading files, stealing information about the phone and its apps, sending SMS messages to premium rate numbers and spreading malware via Bluetooth.

Obad also reached new heights in its use of encryption and code obfuscation to thwart analysis efforts. In addition, it exploited three previously unknown Android vulnerabilities.

Looking at Obad overall, Kaspersky determined that the Trojan looked more like Windows malware than the typical Android program.

The vast majority of malware written today still targets the much more profitable Windows PC. Nevertheless, the rising number of malicious code samples indicated there is a new generation of developers working hard on breaking into smartphones, which surpassed PCs in shipments in 2011.

"That's where they believe the future is, and the future is there," Schouwenberg said.

[Also see: New malware shows Android has a target on its back]

In the first half of this year, the number of malicious code samples collected by Kaspersky broke 100,000 for the first time. For all of 2012, the security vendor collected about 76,000 samples.

Nevertheless, infection rates remain very low. For example, in watching Obad over a three-day period in June, Kaspersky found that attempts to install the malware reached only 0.15% of all infection tries by programs.

Part of the reason for the low infection rate overall is a paucity of channels for distributing malware. Most infections today occur through downloading malicious code tucked in an app found in an online app store, other than the official Google Play store.

Most of the users of those third-party stores are in Asia and Russia. In the U.S., smartphone users favor Google Play, which scans for malware.

The infection rate is expected to rise as other distribution methods evolve. Spam carrying links to malicious web sites is often used today and is expected to increase.

In addition, Kaspersky is seeing an increasing number of ads in mobile apps pointing to malicious sites. The vendor has also found a handful of sites with the popular Blackhole exploit kit, modified to download malware when the visitor is using an Android device.

Another troubling trend is the type of mobile malware discovered in the wild. While Trojans that send SMS messages to premium numbers account for the majority of smartphone infections, Kaspersky collects more mobile malware with backdoors for connecting to command and control servers.

"As soon as backdoors and Trojan downloaders come into play, that's when you realize these guys are trying to do something that's a little bit more sophisticated," Schouwenberg said.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Antone Gonsalves

CSO (US)
Topics: applications, Android, Data Protection | Wireless, software, data protection, kaspersky lab, malware, Google, Microsoft Windows, consumer electronics, security, smartphones, mobile security
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?