McAfee this week released its Q1 2012 threat report, which clearly indicated that Android mobile malware is on the rise. They reported 7,000 Android malware threats for Q1 of this year. Most companies working in the mobile security industry will confirm the mobile malware threat is very real, so let us glance over the major threats currently facing the most popular mobile platform: Android.
It’s well known that the majority of mobile attacks target the Android platform (this includes ALL OS versions) through third-party app markets in China and Russia. The US, however, has always remained top for hosting the largest amount of compromised web content, and this includes mobile web content. It’s actually unusual to find malcode in an app published on Google Play, but it does happen from time to time. Malware authors use obfuscation to hide the malcode in their apps. This technique has been used in the PC Windows world for years and will continue to evolve in the mobile environment by attacking the core OS architecture or installed apps.
Adware, SMS PRS, drive-by-downloads and mobile backdoor malware are four very common attack vectors, but again these usually start via third-party app stores. Mobile adware displays on a device without permission, so it’s no surprise that app and ad behaviour tracking is going to be such a hot topic. This will be a main revenue driver for mobile location-based ads (and of course adware and spyware) in the coming months/years. Malware authors will also look to exploit the ad behavioural platform. SMS PRS has been around for years and uses phishing and social engineering, so expect a similar pattern to what we see in the PC world.
Drive-by-downloads will look to exploit your mobile browser or app in an attempt to get you to visit a web server hosting a malicious payload. This isn’t any different to the PC world, but because the mobile URL is usually hidden from view (to increase the page view), this attack method would be more successful. As for backdoor malware, backdoor Trojans tend to be a bit more advanced and aggressive, running a multitude of malicious processes. They will use root exploits to launch malware which launches an IRC on the compromised device. The compromised device will then send PRS SMS or receive PRS SMS spam (i.e. adult content). The carriers are not receptive to blocking PRS SMS spam, primarily because it is a cash generator, so you will need to make sure you use an SMS blocking app.
The mobile malware landscape is evolving. In these hard times, mobile users will look for apps on third-party app stores. It’s all about user economics. The malware authors know this. Look no further than the malware that originated in the PC Windows domain to see how mobile malware, adware, spyware and rootkits, to name a few, will evolve over the coming years, and not just on the Android platform. Windows Phone anyone? 🙂
Safe surfing, folks!