Android is exclusive focus of mobile malware writers, says McAfee

Malware targeted at Android devices jumped nearly 37% since last quarter, according to McAfee
Malware targeted at Android devices jumped nearly 37% since last quarter, according to McAfee

The amount of malware targeted at Android devices jumped nearly 37% since last quarter, McAfee Labs’ third quarter threats report found.

At the end of 2010, McAfee Labs predicted that malware would reach 70 million unique samples by the end of 2011. Because of the proliferation of malware this year, McAfee Labs has increased this prediction to 75 million unique malware samples reached by year’s end, the busiest in malware history.

“We have already passed the 70 million mark this year”, said Toralv Dirro, McAfee Labs’ Europe, the Middle East and Africa security strategist. “Criminals are really discovering the field of mobile devices as the new thing now. Since the beginning of the year, there has been a massive increase quarter over quarter”, Dirro told Infosecurity.

One of the most popular forms of mobile malware in the third quarter was a text messaging trojan that collects personal information and steals money. Another new method of stealing user information was malware that records phone conversations and forwards them to the attacker.

“Android is being targeted because it is the most widely used mobile device these days. And the Android platform is not completely closed. So the good news is, anyone can write an Android application to benefit anyone else and distribute it without any kind of censorship. The bad news is, anyone can create malicious applications and distribute them outside of the marketplaces”, noted Dirro.

While spam remained at its lowest levels since 2007, spearphishing reached its greatest development in years. While not prominent, spearphishing is still highly sophisticated and effective, resulting in an elevated threat level, according to McAfee.

While overall botnet infections dropped slightly in the third quarter, they showed a significant increase in Argentina, Indonesia, Russia, and Venezuela. The most damaging botnets were Cutwail, Festi, and Lethic, while previous frontrunners Grum, Bobax and Maazben declined.

“Of the spam that is still being sent off, we are seeing a much larger regional difference than we have seen in the past. This may be due to a change in the botnets being used. There have been takedowns of large botnets, such as Bredolab and Rustock. People are replacing those botnets with smaller botnets that are much more difficult to take down”, said Dirro. “The criminals are reacting to the work of law enforcement and the security industry”, he added.

Social engineering is being used in targeted attacks that depend on geography and language. Attackers show remarkable insight into what works in different cultures and regions, McAfee noted. In the US, “Delivery Service Notifications” (or fake error messages) are the most popular, while in the UK “419 scams” are the most widely used. In France, phishing scams dominate, while drug spam is the most popular lure in Russia.

Fake anti-virus, AutoRun and password-stealing trojans have bounced back strongly from previous quarters, while AutoRun and password stealers remain at relatively constant levels. Mac malware also continues to grow, following a sharp increase in the second quarter. McAfee Labs is warning users that as certain platforms grow in popularity for both consumer and business use, such as the Mac operating system, malware authors will increasingly use theses platforms to target victims.

What’s hot on Infosecurity Magazine?