Android is shattering malware records, and 2011 is shaping up to be the worst year yet for mobile malware, according to a new study from McAfee. Almost all new mobile malware is being aimed at Android and it's proving to be very expensive for infected users.
Android is more vulnerable to exploitation than Microsoft's Windows Phone or Apple's iOS, in part because it takes a more open approach with less oversight, whereas the other two operate as more of a walled garden.
With mobile, criminals arguably have access to even more sensitive data than they do on PCs. McAfee cites two examples in particular, NickiSpy.A and GoldenEagle.A, as recording users' phone conversations over a long period of time. This leads to identity theft and worse.
Another type of malware, such as LoveTrip, signs the infected device up for premium-rate SMS services and deletes all subscription confirmation messages. This means that you end up getting charged huge amounts not only for something you didn't sign up for, but for something you didn't even know about.
More traditional forms of malware are also making headway in mobile. DroidDeluxe was cited as an example of a root exploit, which allows the malware to break out of the application sandboxing that normally protects devices and gain full control of the system.
There's still some good news in the report. Spam levels have been dropping since 2007, thanks in part to efforts against botnets by Microsoft and other companies, but phishing scams are growing more sophisticated.
Although the numbers remain low, spearphishing scams are becoming more dangerous. Spearphishing is a targeted version of the standard phishing scam, aimed at a very specific user or group of users. These attacks generally install malware on infected computers, or facilitate some form of identity theft.
2011 has been a very tough year for cybersecurity and the rise of malware on mobile devices is especially troubling. Since so much of our communication happens through cellphones, the stakes are even higher than on desktops because the information is not just financial, but very personal. Once they have access to users' private conversations, it may be only a matter of time until cybercriminals get into the blackmail game as well.
Images courtesy of McAfee