McAfee: Android OS most attacked by malware

It's been known for a while now that Google's Android mobile phone and tablet operating system is the one that seems to get more attention by malware makers. Now a new report from anti-virus company McAfee seems to confirm that notion. McAfee, a division of Intel, announced earlier this week that it has recorded a massive 76 percent increase in Android-based malware attacks in the second quarter of 2011. That rise has put Android in the dubious distinction of surpassing Nokia's Symbian OS as the operating system that has the most malware. McAfee speculates that Android will become an even bigger target for cybercriminals who create dangerous malware programs.

McAfee says that overall it has found 12 million unique malware samples in the first half of 2011 which was a 22 percent increase from the same period a year ago. The company claims that it now has 65 million malware samples in its "zoo" and says those numbers could expand to a whopping 75 million samples by the end of 2011.

In addition to all of the new threats against the Android OS, McAfee says that there is an increasing malware threat to Apple's Mac OS. In the past the Mac OS had been ignored by the malware community but now the first ever fake anti-virus threat has been found for the Mac operating system. In addition more malware in general are being hidden in a rootkit program. This kind of "stealth malware" threat has increased 38 percent this year compared to a year ago.

Report a problem with article
Previous Story

Serious Sam 3: BFE on sale October 18

Next Story

Microsoft's MSN signs deal with China's Renren

23 Comments

Commenting is disabled on this article.

Android overtakes Symbian in worldwide marketshare.
Android overtakes Symbian in malware attack attempts.

Coincidence?

The typical phone user isn't going to pay attention to or even know exactly what each permission is. Anymore, even I'm sick of it. I've used android for nearly two years now and it hasn't gotten any better from an end user standpoint. I've used iOS and it's okay, but didn't wow me. I wasn't blown away until I used WP7. Coming from an Android phone to WP7 was a drastic change in speed and simplicity. Yeah, It lacks customization, but it makes up for it in functionality. I hope Sprint get's a phone like the HD7 (not the pro) around xmas time this year so I can upgrade.

ndoggfromhell said,
The typical phone user isn't going to pay attention to or even know exactly what each permission is. Anymore, even I'm sick of it. I've used android for nearly two years now and it hasn't gotten any better from an end user standpoint. I've used iOS and it's okay, but didn't wow me. I wasn't blown away until I used WP7. Coming from an Android phone to WP7 was a drastic change in speed and simplicity. Yeah, It lacks customization, but it makes up for it in functionality. I hope Sprint get's a phone like the HD7 (not the pro) around xmas time this year so I can upgrade.

+ 1...liked...best comment on here

Propaganda that all , i Love My Android , it just propaganda from Microsoft or apple in here they didn't say anything that apple iPhone is more vulnerable them other smartphone.

Gaara sama said,
Propaganda that all , i Love My Android , it just propaganda from Microsoft or apple in here they didn't say anything that apple iPhone is more vulnerable them other smartphone.

So you dismiss the 50 apps filled with malware that made it onto the Android Market as "propaganda" do you?

It's the truth, Android IS more vulnerable to malware than other platforms.

This happened all for the false sense of "freedom". Allow any program to be installed, and allow those programs to do anything, and you're asking for trouble. If you want real freedom (freedom to use your phone without the worry about malware), you could always look into iOS.

Xenomorph said,
This happened all for the false sense of "freedom". Allow any program to be installed, and allow those programs to do anything, and you're asking for trouble. If you want real freedom (freedom to use your phone without the worry about malware), you could always look into iOS.
If you think "freedom" means convenience, then you don't know what the word "freedom" means.

I don't think Google is clueless, I think users are. All of the Android malware I've seen (admittedly I don't track it 24/7) required interaction on behalf of the user. Gone are the days of code being executed in the background with administrative rights(Cough, Windows XP) when a user visits a webpage. All of the stuff I've seen required people to click "Install" for some malicious 3rd party application.

Why is this a surprise? Is it not totally obvious that if you can load software from any source and not just an approved marketplace, then you will end up with malicious software now and again?

This is the trade-off against having a closed, monitored market, I don't think google is under any illusion of this - it's just a shame that the non-techies (who no doubt have similar infections on their windows pcs) don't really understand this and just see an iPhone type device with a much cheaper contract but does essentially the same thing.

bugsbungee said,
Why is this a surprise? Is it not totally obvious that if you can load software from any source and not just an approved marketplace, then you will end up with malicious software now and again?

This is the trade-off against having a closed, monitored market, I don't think google is under any illusion of this - it's just a shame that the non-techies (who no doubt have similar infections on their windows pcs) don't really understand this and just see an iPhone type device with a much cheaper contract but does essentially the same thing.

Google 'is' under this illusion. They bought into the hype of the security of Linux and a Java VM sandbox model. Even with Chrome they think their 'sandbox' is so bullet proof they are willing to compromise it with native code and WebGL - and their 'somewhat new' broker system is very immature in terms of security.

As for one centralized 'distribution point', yes this 'can' help a security model, but as you point out also restricts the platform considerably, especially for enterprise/business use. However, a central distribution 'market' is not a real security measure, it just has the side effect of helping security.

Even in the way Google handles their Market, submissions are not properly screened, let alone security tested before being available to users. (Contrast this with Apple, that at least has a robust submission review process, or even take it further in how Microsoft not only does the robust base review, but also has servers where the App is subjected to reliability and security testing before it is released to the Zune Market.)

If Google truly 'gets it', Android as we know it will stop to exist. Which I do not see happening, although I do see potential for Google to sidetrack the GPL and other issues to lock it and provide a more structured version on their potential Motorola devices.

If Google wasn't under the illusion, they would not have released Android as they did, nor would they have continued down the same road with the massive lack of security issues and poor implementation of the Dalvik and side stepping what security the Linux kernel inherently offers. Android doesn't even use the Linux memory manager, let alone adhere to the security model.

Maybe it is because I study OSes for a living that makes me a bit more jaded, but Google and specifically their development team is borderline clueless at times. Even basic programming concepts are conflated by their developers all the time, and this is just programming and not even getting into more depth of OS architecture and model concepts, that they insanely conflate and don't understand.

This is also a problem with a company reaching outside their scope, buying software, trying to make it fit, and not having the capability to see their mistakes, and even if they do, are unwilling to divert course.

Security isn't easy, and most people don't even touch on the complexity of a secure models. Android is a horrible model for security in general, even if it used the Linux security model completely, it still is using a 1970's/80's OS security model that has only done well because of its rigid simplistic nature. The days of simplistic are coming to and an end and so are the capabilities that this type of security model can handle.

Google is clueless, and Malware will be their downfall, from Chrome, to Android, to even their own servers and cloud systems.

(As for centralized distribution - it is not necessary for security. Microsoft understands this all too well, as they have been hit hard over the years because of user free will with Windows. Yet to this day, Windows gets better at dealing with free will without restricting access to software, and even WP7 is getting a non-market based application access model.)

Having an appstore malware rate of less than 0.03% doesn't sound like a resounding declaration of Android's doom to me. Yes it's got problems (probably due to Android's allowance of native code) but until it gets to 1% malware, I wouldn't call it a failure yet. Besides, Google's screening process will only get better with time, not worse.

thenetavenger said,

Security isn't easy, and most people don't even touch on the complexity of a secure models. Android is a horrible model for security in general, even if it used the Linux security model completely, it still is using a 1970's/80's OS security model that has only done well because of its rigid simplistic nature. The days of simplistic are coming to and an end and so are the capabilities that this type of security model can handle.
LOL. Have any examples of the Linux security model's alleged inadequacy? or should I just take it on faith?

MS Lose32 said,
LOL. Have any examples of the Linux security model's alleged inadequacy? or should I just take it on faith?

Ok, ignoring the problems with the phones, how about the massive number of Linux based servers that get hacked? Reading about a system being compromised is pretty much a daily occurrence now.

"76 percent increase"

I remember the news article about 50 malware apps in the Android market place a while back, bet they contributed to this stat!