Android becomes second most popular malware haven in Q1

Summary: McAfee noted that Android devices are becoming malware havens. Android was the second most popular environment for mobile malware behind Symbian in the first quarter. Historically, Android remains No. 3.

TOPICS: Malware, Security

The first quarter was the most active in malware history and mobile attacks are moving to the forefront, according to McAfee data. Android attacks are also picking up.

McAfee's first quarter threat report noted that attacks surged in the first quarter, but spam has fallen. In fact, there were 6 million unique malware samples in the first quarter, the highest ever for the first three months of the year. February had the most new malware samples: 2.75 million.

Fake anti-virus software (think Mac Defender) reached its highest levels in March with 350,000 unique samples.

As for emerging threats, McAfee noted that Android devices are becoming malware havens. Android was the second most popular environment for mobile malware behind Symbian in the first quarter. Historically, Android remains No. 3.

In its report, McAfee said:

McAfee Labs combats several developing families of malware that attack Android phones. One of the families, Android/DrdDream, comprises a variety of legitimate games and apps that have been injected with malicious code. These threats are unique and quite dangerous due to the use of two root exploits to gain greater control of those phones. The two exploits—Exploit/LVedu and Exploit/DiutesEx—were initially used by users trying to gain legitimate root access to their own devices, a process commonly referred to as rooting. In the PC world, malware often uses exploits to enable drive-by downloads that infect machines visiting specially designed or compromised websites. For mobile devices, much of the malware has required user interaction, but in the near future mobile exploits will certainly allow automatic malware installation.

Like Android/DrdDream, the Android/Drad family is made up of maliciously modified applications. This family sends device information to an attacker-controlled site. Just like in the PC malware world, Android/Drad listens for commands from the attacker. The malware can also download additional software, though it stops short of being a full-fledged mobile botnet. It appears that the malware uses blackhat search-engine optimization techniques, a process of manipulating search engine results to place dangerous sites higher than they should appear in lists of hits.


Talkback

65 comments
  • B-b-but it's linux!!

    It has the Linux Security Module that will prevent cooties from getting into the kernel. I learned that on the discussion forum here. Have I been repeatedly lied to?
    Your Non Advocate
    • RE: Android becomes second most popular malware haven in Q1

      @facebook@...
      What does LSM have to do with Android? Who lied to you?
      daikon
      • Re: B-b-ut it's linux!!

        @daikon Well, it is not like he staked his reputation on it or something silly like that.
        Your Non Advocate
      • Message has been deleted.

        Ram U
      • RE: Android becomes second most popular malware haven in Q1

        @facebook@... OMG - LMAO that was a classic!
        ItsTheBottomLine
      • Android was supposed to be built upon the Linux Kernel

        @daikon
        M Wagner
    • It is called AppArmor

      @facebook@...
      And when Google adds it to Android and/or a 3rd party does, it will do as it states. I would suspect that Google will be forced to use this sooner rather than later.

      http://en.wikipedia.org/wiki/AppArmor
      BobsYourUnclw
    • RE: Android becomes second most popular malware haven in Q1

      @facebook@... The first computer viruses were developed in Bell Labs for Unix operating systems. Linux is but another form of Unix and every system is susceptible to worms and viruses.
      eaglew
      • No it isn't.

        @eaglew
        And neither is Vista/Windows 7 now that they have moved to the same model of real NON-Root/Admin operation. A virus is a self installing, self replicating piece of code installed with no user interaction. If it requires user interaction to install it, it isn't a virus. Any operating system can have malware installed if the user happily installs it.
        BobsYourUnclw
        • Depends on what you mean by "self installing"

          As one who has worked for two AV companies, your definition depends on what you mean by self-installing. I suspect you redundantly used self-replicating, which is more accurate. A virus or any other malware doesn't just leap onto your computer unless something (usually something besides the virus) first executes it. What makes malware a virus is that it is self-replicating (as a virus does in the real world), but the process may be initiated by the user. In the early days most viruses were either COM or EXE viruses that required the user to run them before they would infect other files. Today, as far as I am concerned, viruses are not much of a worry. The other malware is much more worrisome as it can take control over the computer. It has been years since I've seen a virus outbreak or even heard of one. But browser-based attacks and malware-infected apps are very prevalent on Android devices these days.
          MeMyselfAndI_z
        • And yes every OS is subject to viruses.

          There is absolutely no technical reason UNIX, Linux, Windows, OSX, OS/2, QNX cannot have self-replicating code. It is not only feasible, but for most of this list it has already occurred. The problem from the virus writer's perspective is getting the virus to succeed to the point of an outbreak. Modern OSes make this much harder and this is very demotivating to virus writers. We haven't had a new virus generation library come out in years. I believe all the talk about viruses today is mostly wasted breath as the virus heyday is long past. Malware in the form of browser attacks, roots, and information-stealing apps is much more of a problem, and there are quite a lot of them on Android.
          MeMyselfAndI_z
      • RE: Android becomes second most popular malware haven in Q1

        @BobsYourUnclw you must really have your head buried in the sand if you believe that. EVERY OS is susceptible to viruses, and all you have to do to become infected is click on a bad link.
        nix_hed
      • RE: Android becomes second most popular malware haven in Q1

        @eaglew
        It's good that you know your computer history. So here's a historical fact: No other operating system has been as susceptible to, and affected by, viruses/trojans/scripts/malware as MS Windows.

        In the history of computers, no system has sustained as much damage and digital gore as computers running that oh-so-delicate OS.

        So, while you can say that (technically) every system is susceptible to worms and virii, Linux-based computers will retain the title of safe havens for computer users. I strongly recommend that users choose the safest environment available to work in, which ain't Windows.
        Aaln
        • Linux has viruses, so does the Mac

          While it has very few it does have viruses, but many more other types of malware (BTW I used to work for two companies that manufactured anti-virus for Macs).

          Windows has been the most prevalent platform for sure. This is mostly because viruses need a large population to spread effectively and Windows had that large population. Also, in the past everyone was running as administrator. Today I do not worry about viruses any more. The other malware forms, which also are greatly affecting Android systems and Linux to a lesser degree, are much more concerning to me as a Windows user.

          42
          Arches
          Alaeda - Virus.Linux.Alaeda
          Bad Bunny - Perl.Badbunny
          Binom - Linux/Binom
          Bliss - requires root privileges
          Brundle
          Bukowski
          Caveat
          Coin
          Diesel - Virus.Linux.Diesel.962
          Hasher
          Kagob a - Virus.Linux.Kagob.a
          Kagob b - Virus.Linux.Kagob.b
          Lacrimae (aka Crimea)
          MetaPHOR (also known as Simile)
          MeMyselfAndI_z
      • Linux is NOT UNIX ...

        @eaglew ... and Bell Labs did not create the first computer virus - although UNIX has always been as susceptible to attack as any other OS.

        UNIX is protected by copyright, not patent. As such, anyone could build an OS that behaved the same way as UNIX - as long as the author did not violate the Bell Labs COPYRIGHT by stealing UNIX Source Code.

        FreeBSD, for instance, is a variant of 4.3 BSD (a UNIX variant developed at UC-Berkeley) which has been stripped of all the original AT&T UNIX source code.

        Long before Linux, most UNIX utilities were "cloned" into GNU utilities (GNU = Gnu's Not Unix).

        Linus Torvalds later developed the Linux kernel under the GNU Public License so the kernel and the GNU utilities could be distributed as a completely UNIX-source-code free OS which behaves like UNIX but is NOT UNIX.

        ALL operating systems are susceptible to attack. This is inherent in any OS because the author of the OS has to design the OS with certain assumptions in mind about how it is to be used. Software designers cannot contemplate every possible way that the human mind can devise to MISUSE the original software so ...

        As the number of people with knowledge of the internal workings of the software grows, the number of hackers grows. As the number of uninformed users grows, the temptation for hackers to write malicious code (for fun and profit) grows.
        M Wagner
      • RE: Android becomes second most popular malware haven in Q1

        @eaglew wrong.

        The first was developed in HP labs for testing and hardware diagnosticstheir OS in 1974. The project was canceled due to difficulty of control.
        The systems did not run UNIX.
        jessepollard
      • RE: Android becomes second most popular malware haven in Q1

        @BobsYourUnclw
        Yes, the old "if it doesn't self install/self replicate it's not a virus" factoid about viruses. Admittedly, malware that self installs and self replicates is a very disturbing form of malware. The thing is, who really cares that much, it's all bad crap.

        Too often the "if it doesn't self install/self replicate it's not a virus" has been waved about like a moniker of pride by OS users that are not susceptible to self installing viruses. I say too often because it's kind of like telling someone the reason they went off the road wasn't because of a flat tire, it's because the tire literally came off the rim. Sure, it's nice to be able to sit around and brag about any OS that is not susceptible to viruses, but if it's going to be bragged about it needs to be discussed in terms of the fact that just because you cannot get a virus, you can be still quite susceptible to other forms of malware that could result in terrible things happening to you that are far worse than what the typical virus does.

        So who really gives a flip flying whatever exactly what it is that makes a virus a virus. Let's just make it plain for fanbois of every color; NO OS is bullet proof and any OS can get malware on it that could ruin you if you don't do the right things.

        It almost feels like we are getting to a place we should have been years ago, and that's the fanbois of certain OSes admitting they are just as susceptible to dangerous attacks as anyone if the blackhats decide what you are running is going to be their next target.
        Cayble
      • @Cayble

        "it's kind of like telling someone the reason they went off the road wasn't because of a flat tire, it's because the tire literally came off the rim."

        Nope, it's like telling them they didn't go off the road because of a flat tire but because they drove themselves off of it.
        shaunehunter
    • RE: Android becomes second most popular malware haven in Q1

      @facebook@... LMAO :D
      MrElectrifyer
    • RE: Android becomes second most popular malware haven in Q1

      @facebook@...
      malware cannot affect kernel .. u moron
      pinkfloydhighhopes