Devices running the Google Android platform have become the most popular group of targets for mobile malware developers, outpacing Java Micro Edition and Symbian platforms, according to a new quarterly threat report issued by McAfee Inc. Android attacks have been identified as having botnet functionality and rootkit features that can remain largely undetectable to the average device user.
“This quarter the count of new Android-specific malware moved to number one, with J2ME (Java Micro Edition) coming in second while suffering only a third as many malware,” McAfee said in its McAfee Threats Report: Second Quarter 2011 (.pdf), released today. “This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry’s preparedness to combat this growth.”
Remaining relatively unscathed is Apple Inc.’s iPhone, which runs iOS. Restrictive measures in Apple’s App Store and the closed nature of the device’s operating system have kept attackers away from the iPhone. McAfee identified no new malware samples targeting the iPhone in the second quarter. Meanwhile, it identified 44 new malware samples targeting the Google Android platform.
Total mobile malware samples increased from 900 in the second quarter of 2010 to more than 1,200 in the second quarter of 2011. It’s still a tiny fraction of the more than six million unique malware samples identified by McAfee in the second quarter.
Numerous security experts have issued warnings recently about cybercriminals’ increasing interest in mobile platforms. While mobile platforms are typically built with a number of safeguards, including the ability to isolate applications from critical system processes via a feature called sandboxing, some cybercriminals have found ways to bypass such restrictions using application vulnerabilities.
In its report, McAfee said attackers are getting malicious applications past Google’s less-restrictive Android Market.
“Maliciously modified apps are still a popular vector for infecting devices,” McAfee said. “Corrupt a legitimate app or game and users will download and install malware on their smartphones by themselves.”
McAfee also reported an increase in for-profit mobile malware, including simple SMS-sending Trojans and complex Trojans that use exploits to compromise smartphones. Two such Trojan families include Crusewin and SMSHider, which can sign victims up for premium-rate subscription services that are billed directly to the victim’s cellular provider. Meanwhile, DroidKungFu, a sophisticated Android Trojan discovered in June, uses a pair of root exploits to attack the device.
Tom Kellermann, chief technology officer at AirPatrol Corp., a Columbia, Md.-based firm that specializes in wireless security systems that track smartphones to lock them out or reduce their functionality in sensitive areas in the enterprise, said he wasn’t surprised by McAfee’s findings in regard to increased Android malware or the dearth of iPhone malware.
“Android has [been] fully opened up, which is why you’re seeing many more successful attacks and much more malware that has been successful against the Android operating system,” Kellermann said.
Conversely, he added, Apple’s closed ecosystem, by its very nature, has kept its attack surface extremely low. “Because Apple hasn’t shown the world their exoskeleton and created an open API environment like Android has, it is more secure from those types of infiltrations and more successful attack code.”