Malware writers gunning for Google Android

Symbian and Microsoft Windows Mobile platforms have been the proving ground for mobile malware over the past five years, but a new Juniper Networks report states that Google Android now takes "the crown" as the platform getting the most attention from malware developers.

"That's where the momentum is for 2011," says Dan Hoffman, chief mobile security evangelist at Juniper, whose "Mobile Devices: The New Frontier for Malicious Exploits" report examines the deterioration in mobile security. Juniper urges enterprises to adopt the same security controls for smartphones as they would for laptops.

TIPS: How to turn Android into a business phone

"Consumers can expect to see more advanced malware attacks against the Android platform," according to the report. These attacks include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks."

RIM BlackBerry devices and Apple iPhones get off relatively unscathed, though spyware applications like FlexiSpy, Mobile Spy and MobiStealth are all seen as threats, according to the report.

As for Android, in January 2010 the first bank phishing application appeared in the Android Market. Another Android-related incident came about in which "mobile service provider Vodafone was unknowingly shipping devices from its mobile handset manufacturer with Secure Digital (SD) cards pre-loaded with the Marisposa botnet that affected Windows systems. When a user unpacked their new device and connected it via USB cable to their Windows-based PC -- to transfer files or synchronize the device -- the SD card's autorun function would initiate and infect the user's computer with the botnet."

The Juniper report recaps other mobile malware shockers, such as the Android Market's DroidDream infiltration earlier this year and other problems from last year when applications capable of malicious activity were identified that had found their way into the Android Market.

In contrast, "the Apple iPhone suffers from relatively little known malware, although applications exist to obtain user data and clandestinely transmit this information outside of the device," according to the Juniper report, which points to research done at the Technical University of Vienna and the University of California, Santa Barbara, that analyzed 1,400 iPhone and iPad applications.

The results of that study showed "nearly half of the analyzed applications leaked various forms of sensitive data to third parties. In most cases, application developers used pre-packaged code purchased from advertising agencies, originally intended to collect device information that could be used to build advertising profiles of the device user."

The report also draws from the general experiences last year of Juniper's own customer base using the Junos Pulse Mobile Security Suite software on smartphones. "Spyware capable of monitoring any and all forms of communication to and from a mobile device accounted for 61% of all reported Juniper mobile customer infections," the report states. For those using Android, it was 100% of all reported infections.

Juniper also notes that it found one-third of registered software users lost their device at some point and were forced to use the Junos Pulse software "locate device" capability, with 77% of these users then deciding to send a command to lock the device to stop someone using it. About a third never issued an unlock command, which brings Juniper to believe these devices were never found.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags symbianNetworkingsmartphonesGoogle AndroidPhoneswirelessanti-malwarejuniper networksconsumer electronicsGoogleMicrosoftsecurity

More about AppleBlackBerryGoogleIPSJuniperJuniperLANMicrosoftResearch In MotionSymbianVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts