Android shatters malware records

Android is shattering malware records, and 2011 is shaping up to be the worst year yet for mobile malware, according to a new study from McAfee. Almost all new mobile malware is being aimed at Android and it's proving to be very expensive for infected users.

Android is more vulnerable to exploitation than Microsoft's Windows Phone or Apple's iOS, in part since it takes a more open approach with less oversight, whereas the latter operate as more of a walled garden.

With mobile, criminals arguably have access to even more sensitive data than they do on PCs. McAfee cites two examples in particular, NickiSpy.A and GoldenEagle.A, as recording users' phone conversations over a long period of time. This leads to identity theft and worse.

Another type of malware, like LoveTrip, signs the infected device up for preimium-rate SMS services and deletes all subscription confirmation messages. This means that you end up getting charged huge amounts not only for something you didn't sign up for, but something you didn't even know about.

More traditional forms of malware are also making headway in mobile. DroidDeluxe was cited as an example of a root exploit, which allows the malware to break out of the application sandboxing that normally protects devices and gain full control of the system.

There's still some good news in the report. Spam levels have been dropping since 2007, thanks in part to Microsoft and other company's efforts against botnets, but phishing scams are growing more sophisticated.

Although the numbers remain low, spearphising scams are becoming more dangerous. Spearphishing is a targeted verso of the standard phishing scam, aimed at a very specific user or group of users. These attacks generally install malware on infected computers, or facilitate some form of identity theft.

2011 has been a very tough year for cybersecurity and the rise of malware on mobile devices is especially troubling. Since so much of our communication happens through cellphones, the stakes are even higher than on desktops because the information is not just financial, but very personal. Once they have access to users' private conversations, it may be only a matter of time until cybercriminals get into the blackmail game as well.

Images courtesy of McAfee

Report a problem with article
Previous Story

Blackberry Playbook on sale for $199 for "limited time"

Next Story

1994 called and wants Bill Gates to explain an email in court

55 Comments

Commenting is disabled on this article.

Dear god the comments in here are some of the most disappointing drivel I've seen out of a tech community in a while.

You've got one guy who I swear is stuck in an infinite loop of "software repositories solve everything!!! Android will always be safer because of repositories!!!!" as if he's completely blind to the amount of malware that has spread through the Android Market itself.

You've got other people who are literally declaring their unconditional love for a version of Android they haven't even used yet (ICS) just because it's Android and they've long decided to remain faithful and true on no other grounds.

Then you've got the sort of people who ignore the whole article because it's from McAfee, without actually checking to see if the study is valid first. It's oddly reminiscent of people who shun any research funded by a company that has a stake in the results, as if that necessarily, 100% of the time, skews the conclusions in favor of the company, and nothing productive can be gained in some small way from the research whatsoever.

Nevermind the people who shrug off the existence of ALL malware as punishment for users who don't know what they're doing. These are the same sort of people who think you should earn some sort of certification before being allowed to even own a computer. The "RTFM N00B" trolls who hate the rest of the world for having a life beyond gaudy Matrix-inspired color schemes applied to nightly releases of their favorite Linux shell.

Lastly, there's the marvelously intelligent posters pointing out that, despite this article being entirely about mobile platforms, Windows for desktops gets malware, too! Holy crap, the geniuses commenting today blow my mind with their superior perceptions of technology!

No antivirus for android is needed yet if you just use some common sense.

I'm browsing xda forums daily and I very rarely see somebody talking about they got infected. I think this article is sponsored by Apple....

I see pie charts but where are the numbers? I don't know anyone who uses an Android that has ever gotten a virus. And back in the Windows virus days, I didn't know anyone who didn't have a virus. So thank god for headlines like these. People might actually read it, believe it, and go get a WP7!

jimmyfal said,
I see pie charts but where are the numbers? I don't know anyone who uses an Android that has ever gotten a virus. And back in the Windows virus days, I didn't know anyone who didn't have a virus. So thank god for headlines like these. People might actually read it, believe it, and go get a WP7!

+1 there. This is no different than the other report released last week which only gave a percentage number. How about some actual quantifying numbers for a comparison. The only set of numbers I see is total malware samples, which comes in under 1500 and Android samples which is listed at under a 100.

I'm not even certain where the sensationalized headline comes from. Android is shattering what record? The most targeted for a quarter? maybe but from the chart it looks like Symbian in all forms would still hold a firm grasp on malware by platform.

Android may be inherently less secure because of the openness of the platform. But don't mistake that for being less secure than iOS. I'm fairly certain Charlie Miller has shown time and time again that Apple is loosing their grip on the "walled garden".

jimmyfal said,
I don't know anyone who uses an Android that has ever gotten a virus.
Android malware usually doesn't announce that it's doing bad things. Just saying.

I thought the personal conversations (sms, mms) are not secure anyway. Its not encrypted so its at risk all the time by any one with enough security clearance to request a transcript to view the context.

Nothing is secure not even your precious linux. If the user is dumb they will get infected. Stop making it sound like Windows gets infected on contact with the Internet. Hackers will target the greatest market share. This is what is happening with Android right now in the mobile world as it happens on the Desktop with Windows.
Call me M$ fanboy or whatever you like but I am tired with the "techies" who communicate any kind of statistic to favor their beloved platform. Linux is Android and its full of malware if this was a WP article everyone will be taking the platform for a ride across the internet.

Edited by Riva, Nov 21 2011, 8:11pm :

This is funny: Windows has most virus on the desktop and everyone is using it against it. Now that it is sitting at home in the mobile world WE LOVE ANDROID
Get real

Riva said,
This is funny: Windows has most virus on the desktop and everyone is using it against it. Now that it is sitting at home in the mobile world WE LOVE ANDROID
Get real

Number of Malware ≠ Number of Infections

Windows has hundreds of millions of infections world wide of viruses, malware, rootkit etc.

Joey S said,

Windows XP has hundreds of millions of infections world wide of viruses, malware, rootkit etc.

Fixed that.

Agreed, iOS used to be the more popular platform for a few years by far yet you see extremely little to no issues with malware on the App Store. Google has dropped the ball here. I get that people dont want to be limited to get their apps from one source but it does keep them clean and running smooth for the 99% of idiot peons who use these devices.

according to a new study from McAfee

I stopped reading there. It's in the interests of anti-virus software companies to scaremonger, so of course they want to spread the idea that Android and other mobile OS's are infested.

The reality is very different. If you're competent enough to side load, you don't give applications arbitrary permissions. As far as the market goes, Google is usually pretty quick at responding to malware submissions.

Lastly, these kinds of companies like to use sensational figures like 500% growth in malware, but you can get that going from 1 to 5. It's just silly scare tactics to get people to buy av software, and we all know it.

Saying Android is more insecure because it allows users to sideload apps is like saying it's safer if we all stayed inside our houses. Technically it is, but all your freedoms are then restricted. I prefer to have the option of side loading if I want. For the less technically inclined, the market place is a safe option.

Joey S said,

I stopped reading there.

You stopped reading once you saw the word Mcafee? do you want a cookie?

Just because they have a bloated antivirus, does not mean Mcafee does not know what they are talking about.

I am somewhat wary of these kind of stats. Stat's can be span and the previous big one was from McAfee. Most Windows anti-virus makers are on hard times due to good free AV products available. Spreading a little FUD to get people to buy mostly useless Android AV clients doesn't sound better for the users.

From past experience in Windows, a bad AV product can be as bad as having a virus for system stability and speed.

Not sticking my head in the sand, but the remedy has to be better than the affliction.

Chrispynutt said,

From past experience in Windows, a bad AV product can be as bad as having a virus for system stability and speed.

+1. Reason which I dropped everything I knew and sticked with MS Essentials... Couldn't be happier.

Salty Wagyu said,
Most of the Android populace is full of idiot users then. It's easier to get infected on Windows than on Android really.

The actual number of infections on Android is very low. Google has the ability to remotely kill anything on the marketplace. Now Windows is a whole different kettle of fish. It has millions of malware and millions of infections. Some estimates put the number of active infections at over 70% on Windows machines.

If anything, android is becoming windows XP. Too many of them and thus easier for baddies to create malware. I'll pass Android on this one and won't recommend to people I know.

flexkeyboard said,
If anything, android is becoming windows XP. Too many of them and thus easier for baddies to create malware. I'll pass Android on this one and won't recommend to people I know.

You only get malware if you sideload apps from dodgy sources and give them unbridled permissions. The market place is regulated by Google so any malware is killed remotely.

And by the same logic, I suppose you'll recommend to people you know, that GNU/Linux is a better option than Windows because it has no malware where Windows has millions?

flexkeyboard said,
If anything, android is becoming windows XP. Too many of them and thus easier for baddies to create malware. I'll pass Android on this one and won't recommend to people I know.

I'd say more like win 9x. Android wishes it had the security of the NT kernel.

dotf said,

I'd say more like win 9x. Android wishes it had the security of the NT kernel.

All the security in the world isn't going to help if Windows has no built in application repository. If people download and install random apps, malware will happen. That's why Windows has 99% of all the malware in the world.

You take out the need to go hunt down applications by integrating it into the OS, which GNU/Linux, Android, and iOS all have, and the number of infections will always be relatively low. Windows is a good example of what not to do in terms of security.

And while we're on the subject, when was the last time Windows provided a list of features that an app is requesting while installing? Yeah I must have missed that one. If you install an app in Windows you have absolutely no clue what it's going to really do, a true trojan horse.

Joey S said,

If people download and install random apps, malware will happen. That's why Windows has 99% of all the malware in the world.

That's also part of the reason why windows has the most apps out of any platform

Joey S said,

All the security in the world isn't going to help if Windows has no built in application repository. If people download and install random apps, malware will happen. That's why Windows has 99% of all the malware in the world.

You take out the need to go hunt down applications by integrating it into the OS, which GNU/Linux, Android, and iOS all have, and the number of infections will always be relatively low. Windows is a good example of what not to do in terms of security.

And while we're on the subject, when was the last time Windows provided a list of features that an app is requesting while installing? Yeah I must have missed that one. If you install an app in Windows you have absolutely no clue what it's going to really do, a true trojan horse.

What ever you wouldn't say to insult windows right? You're way out of my league even to insult.

Malware authors always target the most popular platform. It's always been that way. That said, I still love Android and will continue to be faithful to the platform.

As stated above, be mindful of what you download (and where) and read the permissions before you install anything and you'll be fine.

bjoswald said,
Malware authors always target the most popular platform.

That's no excuse. iOS was the most popular platform and it's not infested with malware. It's time for Google to step in and make some improvements. Microsoft learned their lesson the hard way but they have a better product now because of it.

bjoswald said,
Malware authors always target the most popular platform. It's always been that way. That said, I still love Android and will continue to be faithful to the platform.

As stated above, be mindful of what you download (and where) and read the permissions before you install anything and you'll be fine.


+1.. I am gonna love ICS when its made available for my phone....

also download app only from trusted brand and popular apps....

bjoswald said,
Malware authors always target the most popular platform. It's always been that way. That said, I still love Android and will continue to be faithful to the platform.
iOS has a larger overall market share than Android. Android has only beaten it in the smartphone space.

bjoswald said,

As stated above, be mindful of what you download (and where) and read the permissions before you install anything and you'll be fine.

Best advice here ^^

bjoswald said,
Malware authors always target the most popular platform. It's always been that way. That said, I still love Android and will continue to be faithful to the platform.

As stated above, be mindful of what you download (and where) and read the permissions before you install anything and you'll be fine.

Those 2 above me are obviously fanboys. How the f* can You say that iOS has the biggest market share? Seriously. This generation is making me hang myself.

Kardo Kaul said,

Those 2 above me are obviously fanboys. How the f* can You say that iOS has the biggest market share? Seriously. This generation is making me hang myself.

Hey now, I used past tense, "was"

Also, I am far from being an Apple fan, but I have to acknowledge the facts.

Enron said,

Hey now, I used past tense, "was"

Also, I am far from being an Apple fan, but I have to acknowledge the facts.

So do I, never seen no maleware what so ever. Its the user not the OS. McAfee should shut down already. It's getting stupid, their AV aint worth s* neither are their "facts"

Elliott said,
iOS has a larger overall market share than Android. Android has only beaten it in the smartphone space.

iOS doesn't allow sideloading, and has approval over every app submission. That's too confined for me. I like the freedom to root, sideload and customise any way I see fit.

Enron said,

That's no excuse. iOS was the most popular platform and it's not infested with malware. It's time for Google to step in and make some improvements. Microsoft learned their lesson the hard way but they have a better product now because of it.

It better not as the hand of Jobs presided over every step of the app being allowed in the store...

Elliott said,
Uh, I didn't make my statement up. iOS has more total activations than Android. Android is on pace to beat iOS eventually, but it hasn't happened yet.

http://www.idownloadblog.com/2.../android-devices-trail-ios/


well if you include all the ipod devices... yes, its still dominant... :-) 3 years vs 10(7 yrs ipod) years comparison????
but if you take a look at iphone+ipad vs Android phone+tablet then Android lead by a lot.

Elliott said,
Uh, I didn't make my statement up. iOS has more total activations than Android. Android is on pace to beat iOS eventually, but it hasn't happened yet.

http://www.idownloadblog.com/2.../android-devices-trail-ios/


well if you include all the ipod devices... yes, its still dominant... :-) 3 years vs 10(7 yrs ipod) years comparison????
but if you take a look at iphone+ipad vs Android phone+tablet then Android lead by a lot.

still1 said,

well if you include all the ipod devices... yes, its still dominant... :-) 3 years vs 10(7 yrs ipod) years comparison????
but if you take a look at iphone+ipad vs Android phone+tablet then Android lead by a lot.
Uh, iOS only counts on iPod touches. If you actually counted iPods (which would be cheating since they don't run iOS), the number would be insanely high in comparison to Android.

Elliott said,
Uh, iOS only counts on iPod touches. If you actually counted iPods (which would be cheating since they don't run iOS), the number would be insanely high in comparison to Android.

total iphone sold till date is approx 130 Million and ipad is around 30 million...
total Android devices sold is about 200 million so Android is already on the lead.

still1 said,

total iphone sold till date is approx 130 Million and ipad is around 30 million...
total Android devices sold is about 200 million so Android is already on the lead.
Where are you getting your numbers? Hell, back in April, Apple had already sold over 189M iOS devices. Now that number is over 250M. Yes, iPod touches included, because they do run iOS. Not sure why you're trying to discount them.

Elliott said,
Where are you getting your numbers? Hell, back in April, Apple had already sold over 189M iOS devices. Now that number is over 250M. Yes, iPod touches included, because they do run iOS. Not sure why you're trying to discount them.

Here is the official one from apple... this is back in April.... Iphone -108 million units, Ipad-19 million, Ipod Touch- 60 million... this 60Mil is just touch and i have not included ipod... so removing ipod touch the sale of ipad and iphone is just 127 million and my current till date no of 130+30 million is appropriate....
so Android had already passed Iphone+Ipad sales... few months ago Google said it has about 100 Mil Android devices and last month they said there are 200 mil devices sold.

THE REASON WHY I AM DISCOUNTING IPOD TOUCH IS TO HAVE A FAIR COMPARISON OF SMART PHONE AND TABLET.... IPOD TOUCH IS A MUSIC PLAYER AND A DIFFERENT PRODUCT.
Link: http://arstechnica.com/apple/n...od-touches-sold-to-date.ars

still1 said,
THE REASON WHY I AM DISCOUNTING IPOD TOUCH IS TO HAVE A FAIR COMPARISON OF SMART PHONE AND TABLET.... IPOD TOUCH IS A MUSIC PLAYER AND A DIFFERENT PRODUCT.
Link: http://arstechnica.com/apple/n...od-touches-sold-to-date.ars

No, it's really not a different product. It's basically a small tablet. Just because no Android-using manufacturer created a product that could compete with it doesn't mean it's not a valid iOS-running device that can do just about everything an iPhone does.

The Article says Android Shatters Malware records and says "lmost all new mobile malware is being aimed at Android"

Yet the pie chart looks like over 1/2 of the malware is aimed at sybian.

I think that first graph is saying Symbian has the most as of now, but new malware is coming out for Android rather than Symbian (or any other OS).

No offence to authors but this basically says hackers are smart? They throw their lines where most of the fish are hanging out to see if they get a better chance at a bite

SHoTTa35 said,
No offence to authors but this basically says hackers are smart? They throw their lines where most of the fish are hanging out to see if they get a better chance at a bite

The truth is mobile malware is no where near the scale of malware on Windows. Most mobile OS's for instance have a market place which allows people to get their apps without the risks of hunting them down randomly on the web. It's akin to the GNU/Linux package manager. Very rarely do you go outside of that environment, and when you do, you're usually technically proficient and know the risks, and so only download from reputable sources, and check the feature requests (permissions) when installing. If a ebook reader wants to call home and access your contacts list, you should be dubious.

Joey S said,

The truth is mobile malware is no where near the scale of malware on Windows. Most mobile OS's for instance have a market place which allows people to get their apps without the risks of hunting them down randomly on the web. It's akin to the GNU/Linux package manager. Very rarely do you go outside of that environment, and when you do, you're usually technically proficient and know the risks, and so only download from reputable sources, and check the feature requests (permissions) when installing. If a ebook reader wants to call home and access your contacts list, you should be dubious.

What if you want to share what books your reading with your friends on your contacts list?

Even with all the malware, I still prefer Android to iOS. Just don't install every app you see and read the damn permissions of the apps you do install. Not hard.

Open Minded said,
Even with all the malware, I still prefer Android to iOS. Just don't install every app you see and read the damn permissions of the apps you do install. Not hard.

Exactly. Every OS can potentially suffer malware, however when you have an integrated software repository like Android, iOS, and GNU/Linux, most people won't ever come into contact with them. It's OS's like Windows that will always suffer as long as critical applications have to be downloaded manually from websites.

Open Minded said,
Even with all the malware, I still prefer Android to iOS. Just don't install every app you see and read the damn permissions of the apps you do install. Not hard.

Yep, until people take personal responsibility for their security well always have issues. I love android as well, iOS is too limited for me personally and ive never once had any 'malware' issues. Then again, i dont install every app i come across..

Open Minded said,
Even with all the malware, I still prefer Android to iOS. Just don't install every app you see and read the damn permissions of the apps you do install. Not hard.

The problem arises that it takes little to no effect to make apps that have legit reasons to certain permissions so this isn't that simple. Example, how do you share your high scores with your friends? The app needs access to some may of finding your friends. A bit of creativity on the malware developers is all it takes and the watching the permissions argue goes out of the window. For most of us techies, we know better in most cases, but the general public don't so the whole argument of watching permissions doesn't solve anything in the grand scheme of things. I myself don't care to share high scores but seeing every single game on andriod/ios makes you wonder what really is secure. There is no way around it these days it seems.

Joey S said,

Exactly. Every OS can potentially suffer malware, however when you have an integrated software repository like Android, iOS, and GNU/Linux, most people won't ever come into contact with them. It's OS's like Windows that will always suffer as long as critical applications have to be downloaded manually from websites.

Do you even read what you write? You just contradicted yourself.