US Government Issues Android Malware Warning

Google’s Android continues to be the predominant target of malware threats, and now the US government has issued its own warning about the mobile operating system.

In 2012, Android was the target of 79 percent of malware threats, compared with 0.7 percent for iOS, 0.3 percent for BlackBerry and 0.3 percent for Windows Mobile, the US Departments of Justice and Homeland Security said in an unclassified 23 July release intended for police, fire, EMS and security personnel.

The Next Web discovered the release and reported on it 26 August.

Government Warning

The government report pointed to industry reports stating that 44 percent of Android users are still using Gingerbread versions of Android (versions 2.3.3 through 2.3.7), which were released in 2011 and “have a number of security vulnerabilities that were fixed in later versions.”

The report points out three particular security threats. The first, Short Message Service (SMS) Trojans, represent nearly half of the malicious applications currently circulating, it says. Text messages are sent to premium-rate numbers, “potentially resulting in exorbitant charges for the user.”

In the second, rootkits, malware is hidden from normal types of detection and logs the user’s keystrokes, passwords and location without the user’s knowledge.

Finally, fake Google Play domains allow users to browse and download apps, movies, books, music and other content, while stealing sensitive information, such as financial data and log-in credentials.

The report says Android is singled out for being the world’s most widely used mobile OS, and that given the growing dependence on mobile devices by federal, state and local authorities, it’s “more important than ever to keep mobile OS patched and up-to-date.”

Growing Threat

Earlier this month, Trend Micro warned that vulnerabilities in Android are among its top security concerns.

“Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe,” JD Sherry, vice president of technology and solutions at Trend Micro, said in a 8 August statement. ” Until we have the same urgency to protect mobile devices as we do for protecting PCs, this very real threat will continue to grow rapidly.

According to Trend Micro, it took three years to reach 350,000 high-risk apps – but only six months for that figure to double.

During the second quarter, it added, premium service abusers remained consistent, but the firm saw an increase in the “data stealer volume,” said Research Director Linda Barrabee, which “may indicate the continued sophistication of this threat type.”

On 12 August, the Bitcoin Foundation announced that Android had also opened up Bitcoin users to vulnerabilities. The company warned users about the issue on its Web site and recommended that anyone with an Android wallet upgrade their version of the upgrade their software and perform several reparative steps.

“Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app,” the company warned users.

Think you know everything about Android? Try our quiz!

Originally published on eWeek.