New malware leaped from 70,000 instances in 2009 to almost 90,000 so far this year, according to the McAfee Threats Report: Second Quarter 2012. And when it comes to targeting Android-based mobile devices, “it is fully functional and mature, and mobile malware writers know what they are looking for: consumer and business data,” the security firm said.
The latest method of Android infection is through malicious websites – a gambit that is well-known from the PC world. "If much of Android malware seems familiar to PC malware, it should come as no surprise," the report says. "Malware writers leverage the expertise they honed during the years of writing malware for other platforms."
For instance, one recent Android malware attack targeted female users in Japan, using emails directing them to a phony website loaded with malicious links.
McAfee alerts readers to a new threat as well: a botnet client called Android/Twikabot.A. The mechanism turns Android phones into zombie machines that respond to Twitter updates. Twitter accounts controlled by attackers issue seemingly innocuous tweets, but infected devices decipher the deeper meaning and follow the orders contained within.
"Using a service such as Twitter allows an attacker to leverage the resources of others without paying for a dedicated server or stealing one that belongs to a victim," the McAfee report says. "Internet relay chat servers have been exploited in the past for similar reasons, but using the web service gives attackers a small measure of anonymity."