Android under security siege
Malware targeting Android users has increased nearly six-fold during the three months ending September.
That is the view of Trend Micro's Q3 security roundup, who says high-risk and dangerous applications targeting users of Google’s Android platform increased from nearly 30,000 in June to almost 175,000 in September.
With only 20% of Android device owners using a security app, Trend Micro says users need to understand what permissions apps seek, before approving them and unintentionally sharing sensitive information.
“Android is another endpoint device, with another operating system, and needs to have similar security controls and mechanisms just as you would with any PC," says Peter Benson, senior security architect, Trend Micro NZ.
"For organisations, there is an additional level of complexity through the Android device often owned by the end user, and interacting with the organisation.
"Therefore it becomes even more important to manage security on these devices.
“The evolution of mobile malware and the adaptive nature of the threats provides strong indications that security controls need to be adaptive and self-defending.
“The vectors of attacks are changing too, with social media increasingly being utilised by attackers to bring in new methods of compromising users via social engineering, coupled with high-technology attack malware.
"Consumerisation and BYOD is likely to make these types of blended attacks more relevant than ever to enterprise organisations.”
While some apps are obviously criminal – such as those that secretly purchase premium smartphone services – others are more of a privacy threat according to the report, including “Aggressive Adware” apps that collect more personal information than the user has authorised.
"It's actually no surprise that we see such a huge increase in mobile malware," says Raimund Genes, CTO, Trend Micro.
"Android is the dominant smartphone platform with an amazing success story.
"The digital underground reads the statistics and analysts reports as well, and they figured out way to make money with mobile malware.
"And unlike your computer, getting information from your phone also reveals your location, the phone numbers you have called – and more – all stuff which could be sold."
Notable trends in Q3 2012:
• Dangerous zero-day exploits targeting Java and Internet Explorer (IE) were found. The IE vulnerability was used in an advanced persistent threat (APT) campaign.
• ZeroAccess malware, sometimes found on peer-to-peer (P2P) sharing sites, were the top infector in the computing public this quarter. The old DOWNAD/ Conficker worm came a close second.
• PayPal attracted the most phishermen while Linkedin topped the list of chosen Blackhole Exploit Kit targets.
• Corporations and governments were still viable APT targets. Lurid and Nitro APT campaign improvements were also noted.
• Social media threats and privacy concerns lived on.
To view the report click here
Do you have sufficient security methods in place on your mobile? Tell us below