Android malware could reach the 1 million mark by year's end

Security firm Trend Micro's predictions for 2013 include one potentially concerning consideration: The post-PC malware threat has truly arrived, and Android will take the brunt of the targeted nasties throughout this year.

According to the security giant and anti-malware maker, 2012 showed that malware writers, spammers, and hackers have begun to capitalize upon the mobile market, with a particularly keen eye for attacking the Android platform. Not only does Google-owned Android have the greatest market share, therefore making it an easier target, it also has a more open platform to work with, compared to Windows Phone or the iOS-based platforms.

Also on the security agenda was the rise of OS X-targeted malware--as we have seen over the past year--but also a rise in Java-based Windows attacks, which toppled over into the new year with even the US government warning users to disable or uninstall the Web plug-in.

Social-media attacks are also on the rise, showing a distinct trend from the traditional target vector of Windows-based PCs to a wide range of platforms, both online and offline.

And in a "blowing-one's-own-trumpet" moment, Trend Micro noted that its previous predictions for 2012 have "come true," the firm said.

A few key takeaways:

• Trend Micro detected 350,000 threats for Android, with a growth ratio of 14:3 for Android versus PC. In context, it took Android just three years to achieve the PC volume of malware threats within 14 years. By the end of this year, the volume of Android malware could reach as high as the 1 million mark.

• The number of Android malware detections spiked in the third quarter from 41,000 to 156,000 samples, according to the firm's research. 38 percent was adware, 25 percent stole data, while 22 percent included a malicious downloader. Leading the threat type, however, was a premium service abuser at more than 40 percent.

• Java-based threats helped lead Apple's OS X platform into the crosshairs of malware writers, hackers, and botnet controllers after the first widespread attack against the Mac.

• Social-media platforms became a greater target for cybercriminals as the security firm warns users to avoid "oversharing" on Facebook, Twitter, Google+, and so on.

• Enterprises suffered from an "alarming rate" of data breaches and targeted attacks, the firm said. The widely reported Global Payments breach cost more than $94 million and is "still climbing," to give one example. Meanwhile, targeted attacks--such as allegedly government-backed attacks and other "children of Stuxnet"--are being used to attack high-value targets, notably with the discovery of Flame, Duqu, and Gauss, which derived from the "original" Stuxnet worm.

• Rather than using existing attacks, attackers used more professional software-development practices, the company said, by using Blackhole Exploit Kit (BHEK), Automatic Transfer Systems (ATS), and "improved" ransomware.