LAS VEGAS – According to a new report from Lookout Inc., smartphones running operating systems based on Google Inc.’s Android mobile platform are now 2.5 times more likely to be infected by Android phone malware than they were a mere six months ago.
Malware writers have become increasingly creative with the tactics they use to get users to download malware.
Kevin Mahaffey, co-founder and CTO, Lookout Inc.
The San Francisco-based mobile security vendor issued its 2011 Mobile Threat Report on the heels of the Black Hat 2011 security conference, highlighting the increasing threats to smartphones and the dangers of Android devices. Kevin Mahaffey, co-founder and CTO of Lookout, said in a statement that to develop its analysis of Android security issues, his team aggregated data from more than 700,000 apps and 10 million devices worldwide.
“Malware writers have become increasingly creative with the tactics they use to get users to download malware,” Mahaffey wrote in a blog entry announcing the report. “Monetary motivations seem to be the primary goal, but the sheer amount of personal information stored in our smartphones also becomes a target for attackers to get creative.”
Despite smartphone makers’ increasing use of sandboxing, a security feature that isolates apps from critical device processes, attackers are finding ways to bypass the restrictions to take control of the phone, according to the report. Lookout also said three out of 10 Android owners are likely to encounter a Web-based threat on their device annually. Malicious links have become more prevalent, the report added, as attackers are using a variety of common phishing scams to lure users to attack websites.
In addition, Lookout predicted the increasing use of new malware distribution techniques, such as malvertising , upgrade attacks and multi-stage attacks. Malvertising copies the way legitimate developers use in-app advertisements to trick users into downloading malware from phony websites imitating the Android Market. In a technique, which Lookout calls upgrade attacks, the developer of a legitimate app waits for a large user base and then simply updates the app with malware. Multi-stage attacks use hidden code inside what appears to be a legitimate app to change its behavior based on a configuration change downloaded from a server.
Lookout reported the number of Android apps infected with malware went from 80 in January of this year to more than 400 in June. This is in part because malware writers are using existing malware to create new, more dangerous variants. For instance, DroidDream variants accounted for more than 80 infected applications under a variety of developer names. The authors of GGTracker have published 15 infected apps across third-party Android app stores and alternative Android download sites. GGTracker signs users up for a premium SMS ringtone service, adding charges to the user’s monthly mobile bill.
Lookout’s report also asserts Apple iPhone users are not immune to Web-based attacks or mobile malware, but that Apple’s App Store security restrictions and review process have helped keep cybercriminals from distributing malicious mobile apps. Apple iOS smartphones can be jailbroken, allowing a user to load applications from third-party sources, which Lookout said puts users at an increased risk of infection.