Mobile phones, particularly those that run Android OS, are increasingly being targeted by malicious software (malware), according to a new second quarter threat report released Thursday from security firm McAfee.
Once downloaded, the malicious codes do everything from spam contacts with humorous or costly text messages (earning mobile hackers money for referring traffic to premium numbers) to more insidious hacks, allowing attackers to obtain users’ personal information, even giving them control over large parts of the compromised Anrdoid gadgets.
“There is malware ending up on Android phones that is coming out of China and is being used to steal the identity of Android users,” Dave Marcus, director of security research at McAfee Labs, told The New York Times. “Once hackers take control of an Android device they have access to any kind of information on there including personal data, G.P.S. logs and carrier and billing code information.”
If that sounds dire, buckle up, because more is on the way: McAfee’s report predicts an increase in malware, enough to bring its total collection of samples up to 75 million by the end of the year, up from 55 million last year.
McAfee found that malware attacks on Android devices have increased by 76 percent over last quarter, with “maliciously modified apps” being the primary vehicles by which hackers managed to trick users into downloading their malicious code.
Programs that resemble apps users know and love, such as modified versions of “Angry Birds,” were highlighted as examples in the report.
The numbers aren’t surprising in a sense since Android has grown in popularity with consumers: More than half of the smartphone sales in America in Q2 were of Android devices, according to ND Group.
In total, McAfee identified 14 specific malware attacks on Android last quarter, compared to 12 on J2ME (Java Platform, Micro Edition, which runs on older Nokia phones, among others), 4 on Blackberry and none on iPhone’s iOS.
The firm collected 1,200 different pieces of mobile malware during their research, double the amount from two years ago.
But for all of those Apple fans and iPhone owners gloating out there over the fact their devices were seemingly impervious to malware (at least in Q2) take heed.
Buried in the report is the admission:
…fake anti-virus software (a.k.a. fake-alert or rogue anti-virus software) continues to show consistent growth and has even begun to climb aboard a new platform: the Mac. You read that right; fake-AV for Apple’s platform is now a reality. This does not surprise us at McAfeeLabs. There are more Mac users than ever before as well as steady business adoption. This puts the Apple platforms squarely in the crosshairs of malware authors. It will be interesting to see if this type of malwaremakes its way to the iPhone and iPad as well. It is probably a case of “when” rather than “if.”
Indeed, as McAfee security strategist Toralv Dirro told CRN:
“More and more people are using smartphones or iPads for Web surfing and online shopping…With those devices being used more in business expect that this trend of mobile malware and more attacks against mobile devices to continue.”
And with new models of both Android phones and the iPhone expected to be released in the coming months, the potential targets for hackers – and the potential payoffs – will only increase.
We’ve contact Google to ask them what they plan to do about the news, and will update when we receive a response.
Get the day’s best political analysis, news and reporting from the TPM team delivered to your inbox every day with DayBreaker. Sign up here, it takes just a few seconds.
