A Million Users Hit By Android Malware In 2011

Android phone users are regularly being hit by numerous malware varieties, according to a Lookout report

Google Android smartphone owners have plenty to be wary of on the security front, according to a new report from Lookout Mobile Security.

Android handset users are 2.5 times more likely to be affected by malware today than they were six months ago, as anywhere from 500,000 to a million users were impacted by malware on their smartphone or tablet computer, Lookout said in its new 2011 Mobile Threat report.

Three out of 10 Android gadget owners are likely to encounter a Web-based threat on their device each year, with the number of malware-infested Android apps soaring from 80 apps in January to more than 400 apps through June 2011.

Exploit Records Phone Calls

Lookout, whose report includes aggregated data from more than 700,000 applications and 10 million devices worldwide, noted that “attackers are deploying a variety of increasingly sophisticated techniques to take control of the phone, personal data, and money”.

One such data-chomping exploit reared its head in the form of an Android malware package that records the phone conversations of mobile phone users affected with the payload.

Computer Associates security expert Dinesh Venkatesan reproduced the malware by showing how the Trojan logs all the details of incoming and outgoing calls and call duration in a text file. This Trojan drops a configuration file that contains key information about the remote server and the parameters. That file stores the recorded call in the phone’s SD card.

“As it is already widely acknowledged that this year is the year of mobile malware, we advise the smartphone users to be more logical and exercise the basic security principles while surfing and installing any applications,” Venkatesan noted.

Symantec said that fears of this malware were overblown because Android’s hardware fragmentation  –  differences among myriad devices from Samsung, HTC, Motorola and others –  limit the spread of this call recording threat. This is because the bug crashed on most devices Symantec tried to run it.

Malvertising And Blind Updates

Debate over the severity of the call recording payload aside, Lookout is seeing other creative malware in action, including threats it calls “malvertising” and “update attacks.”

In malicious advertising, perpetrators purchase mobile ads that point users toward malicious Website to trigger a dangerous payload download. The GGTracker malware used this tactic.

In the update attack, the attacker publishes a legitimate app to an application market and then releases an update to the app that includes malware so the entire user base gets infected. The Legacy malware used this attack on users.

Near Field Comms and eWallets Targeted

Security aficionados and pundits may debate the notion of whether users should drop their Android phones and flee for the comfort of the more secure, locked down Apple iPhone and the iTunes App Store. However, it might be more useful to look at what is driving the mobile threats on Android. Lookout said mobile payment services, which includes Google Wallet, ISIS and American Express’ Serve, are key attack vectors.

“The value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 20105. Vendors, retailers, merchants, content providers, mobile operators, and banks are all actively establishing new payment services. Mobile payments create an attractive target for attackers, as they allow direct monetisation of attacks,” Lookout said.

Google believes its Wallet service, which pairs near field communications with smartphones for tap-and-pay services at participating retailers, offers the security to keep credit card info safe with an NFC chip on Android-based Nexus S smartphones. The service has not launched but, when it does, attackers will test it.