A flood of mobile security reports and 2012 predictions all point to an explosion in mobile malware with the Android being the most tempting target for mobile malware writers. Due to its huge popularity in the mobile device ecosystem, just as cybercriminals once favored Windows, these cyberthugs may view the Android OS as the new low-hanging fruit.
Research by Juniper Networks found there was a 472% increase in Android malware samples since July 2011, and malware-tainted apps in the Android Market and third-party app stores are expected to rise further. Android is the most targeted platform for mobile malware development. Yet the Android OS is expected to win approval from the NSA to be used on "secret" military networks, even though Droids are "among the biggest government cyber menaces," reported Nextgov. Network security firm M86 Security Labs forecasts that one of the greatest cyber dangers agencies should worry about is hackers attacking federal employees via the Droids and iPhones they bring into work. "The Android is very much a victim of its own success because any developer can publish innovative -- or malicious -- software applications to Google's Android," M86 vice president for technical strategy Bradley Anstis told Nextgov.
Lookout Mobile Security split the threat to mobile devices into application-based threats like malware, spyware and privacy threats; web-based threats like phishing scams, drive-by downloads and browser exploits; network-based threats such as network exploits and wi-fi sniffing; and physical threats like lost or stolen mobile devices.
Expect more increases in exposed vulnerabilities from black hats and white hats in the coming year for mobile devices. In 2012, we estimate that you'll see more than 1,000 different variants of exploits, malicious applications, and botnets infecting that device glued to your hand and plugged into your head. We'll at least see a new variant every day.... And watch out: the number of people who fall victim to believable social engineering scams will go through the roof if the bad guys find a way to use mobile location-based services to design hyper-specific geolocation social engineering attempts.
And sure enough, a research team from NC State University discovered a new SMS Android Trojan, dubbed DroidLive, that is disguised as a Google library but is actually remotely controlled from a command and control server to turn your Android into a hub for nefarious activities. Assistant Professor Xuxian Jiang, in collaboration with mobile security company NetQin, said DroidLive is in the wild, with the C&C server apparently located in China. DroidLive will try to install as a device administration app "to send text messages to premium numbers, make phone calls, collect personal information, and other nefarious activities," Jiang warned. While the user must grant the app permission, the malicious code is unique in being the first mobile malware to take advantage of the device administration API in order to gain privileges closer to those granted only to the device's firmware. At this time the DroidLive Trojan "cannot currently be detected using conventional Android IT security software," Infosecurity reported. Yet "NetQin says that infections can be spotted from unusual behavior on the part of mobile phones."
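The "unusual behavior" NetQin refers to, such as text messages to premium numbers sent by an app that is not the user's messaging client, is something a defender can look for in a device's outgoing-SMS records. The script below is an added example written for this article; it is not code from NC State, NetQin, or any DroidLive analysis. It assumes outgoing SMS records have already been exported as (timestamp, sending package, destination) tuples, uses a constructed sample log, and uses the hypothetical package name `com.google.lib.update` as a stand-in for an app posing as a Google library (the real package name is not given on the page). The short-code pattern, the allowlist of known messaging apps, and the burst thresholds are all assumptions to be tuned per fleet.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outgoing SMS records: (ISO timestamp, sending package, destination).
# "com.google.lib.update" is a hypothetical package name standing in for a Trojan
# disguised as a Google library; it is NOT a real identifier from the article.
SAMPLE_LOG = [
    ("2011-12-01T10:00:05", "com.android.mms", "+15551234567"),
    ("2011-12-01T10:02:11", "com.android.mms", "+15557654321"),
    ("2011-12-01T10:02:20", "com.google.lib.update", "80888"),
    ("2011-12-01T10:02:25", "com.google.lib.update", "80888"),
    ("2011-12-01T10:02:41", "com.google.lib.update", "80888"),
    ("2011-12-01T10:30:00", "com.android.mms", "80888"),  # user texting a short code themselves
]

# Heuristic: premium-rate / short-code destinations are short all-digit numbers (assumed range).
SHORT_CODE = re.compile(r"^\d{4,6}$")

# Apps the user is expected to send SMS from; anything else sending SMS is worth a look.
KNOWN_SMS_APPS = {"com.android.mms"}


def find_suspicious(records, burst_window=timedelta(seconds=60), burst_threshold=3):
    """Return a list of alert dicts for SMS activity that matches two behavioural rules:

    1. short_code: a non-allowlisted package sent a message to a short-code destination.
    2. burst: a non-allowlisted package sent >= burst_threshold messages inside burst_window.
    """
    alerts = []
    send_times = defaultdict(list)  # package -> list of datetimes

    for ts, pkg, dest in records:
        when = datetime.fromisoformat(ts)
        send_times[pkg].append(when)
        if pkg not in KNOWN_SMS_APPS and SHORT_CODE.match(dest):
            alerts.append({"rule": "short_code", "package": pkg,
                           "detail": f"sent to {dest} at {ts}"})

    # Sliding-window burst detection per unknown package; one alert per package.
    for pkg, times in send_times.items():
        if pkg in KNOWN_SMS_APPS:
            continue
        times.sort()
        for i, start in enumerate(times):
            end = i
            while end < len(times) and times[end] - start <= burst_window:
                end += 1
            count = end - i
            if count >= burst_threshold:
                alerts.append({"rule": "burst", "package": pkg,
                               "detail": f"{count} messages within {burst_window} "
                                         f"starting {start.isoformat()}"})
                break
    return alerts


def packages_flagged(alerts):
    """Distinct packages that triggered at least one rule, for a quick triage summary."""
    return sorted({a["package"] for a in alerts})


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(f"[{alert['rule']}] {alert['package']}: {alert['detail']}")
    print("flagged packages:", packages_flagged(find_suspicious(SAMPLE_LOG)))
```

On the constructed log the allowlisted messaging app is never flagged, even when the user texts a short code, while the disguised package trips the short-code rule three times and the burst rule once. In practice the allowlist and thresholds would come from a baseline of the device's normal traffic, and the alerts would feed a review of which apps hold the SMS and device-administrator privileges.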
In February 2012, Jiang will present numerous Android security publications such as DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces; Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets; and Systematic Detection of Capability Leaks in Stock Android Smartphones.
Meanwhile a McAfee report also confirms that the Android OS is the primary target for mobile malware, having jumped 37% since last quarter; there was a 76% rise in new Android malware since Q2 of 2011. Part of the problem is "too many cooks in the Android kitchen," according to SecurityNewsDaily. Many manufacturers build Android phones, and depending on wireless carriers to push out security updates is a "flawed distribution model." Harry Sverdlove, chief technology officer for Massachusetts-based security firm Bit9, said the ecosystem is chaotic and compared the situation to purchasing a Dell computer yet expecting Dell to update Microsoft Windows.