Android devices in U.S. face more malware attacks than PCs

Almost 10 percent of Android devices have experienced a malware attack over a three-month period, compared to about 6 percent of PCs

Android devices are now attacked more often by malware than PCs, according to a report released Tuesday by a cyber security software maker.

The 2013 Security Threat Report from Sophos revealed that almost 10 percent of Android devices in the U.S. have experienced a malware attack over a three-month period in 2012, compared to about 6 percent of PCs.

The situation is worse in Australia, where more than 10 percent of Android devices have been attacked by malware, compared with about 8 percent for PCs.

With 52.2 percent of the smartphone market in the United States, Android has become a tempting target, Sophos reported. "Targets this large are difficult for malware authors to resist," the report said. "And they arent resisting attacks against Android are increasing rapidly."

Sophos noted that the most common malware attack on Android involves installing a fake app on a handset and secretly sending expensive messages to premium-rate SMS services.

Cyber criminals have also found ways to subvert two-factor authentication used by financial institutions to protect mobile transactions, according to the report. They do that by planting eavesdropping malware on a handset to obtain the authentication code sent to a phone by a bank to complete a transaction.

During 2012, the report said, hackers showed ambition by attacking more platforms social networks, cloud services and mobile devices and nimbleness by rapidly responding to security research findings and leveraging zero-day exploits more effectively.

In addition, hackers attacked thousands of badly configured websites and databases, using them to expose passwords and deliver malware to unsuspecting Internet users, the report noted.

More than 80 percent of all "drive-by" attacks on unsuspecting Web surfers occur at legitimate websites, according to the report.

It explained that attackers hack into legitimate websites and plant code that generates links to a server distributing malware. When a visitor arrives at the legitimate site, their browser will automatically pull down the malicious software along with the legitimate code from the website.

The Sophos report also identified the five riskiest and safest countries in the world for experiencing malware attacks. Hong Kong was the riskiest country, with 23.54 percent of its PCs experiencing a malware attack over a three-month period in 2012. It was followed by Taiwan (21.26 percent), the United Arab Emirates (20.78 percent), Mexico (19.81 percent) and India (17.44 percent).

Norway (1.81 percent) was the safest country against malware attacks, followed by Sweden (2.59 percent), Japan (2.63 percent), the United Kingdom (3.51 percent) and Switzerland (3.81 percent).

"Security really is about more than Microsoft," the report said. "The PC remains the biggest target for malicious code today, yet criminals have created effective fake antivirus attacks for the Mac.

"Malware creators are also targeting mobile devices as we experience a whole new set of operating systems with different security models and attack vectors," it added. "Our efforts must focus on protecting and empowering end users no matter what platform, device, or operating system they choose."

Join the CSO newsletter!

Error: Please check your email address.

Tags sophosconsumer electronicsPCsecuritysmartphonesPhonesAndroidmalware

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello Jr.

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place