Android Malware Increasing, AutoRun Attacks Still Prevalent

The recent trend of attackers focusing their attention on mobile platforms such as Android, Symbian and iOs is continuing to accelerate, researchers say, and the threats to smartphones are becoming more and more sophisticated and dangerous.

Android is becoming the focus of much of the attention from attackers these days, thanks to its growing market share, especially in the U.S. Many of the most dangerous recent mobile attacks have targeted the Android platform, including the DroidDream malware, which has been found in dozens of apps in the Android Market in recent months. There also have been some other pieces of malware that employed root exploits to elevate privileges on Android devices, so the level of sophistication of attacks on the platform is advancing steadily.

"As we watch steady, significant growth in the mobile malware threat landscape, many of the same functions and features of PC-based threats are already part of the codebase. Mobile threats already take advantage of exploits, employ botnet functionality, and even use rootkit features for stealth and permanence," McAfee said in its research report for the second quarter. "Maliciously modified apps are still a popular vector for infecting devices: Corrupt a legitimate app or game and users will download and install malware on their smartphones by themselves."

The company found that malware targeting the Android platform was by far the most prevalent in the second quarter, more than triple the amount that targeted Java Micro Edition and far more than any other mobile platform, such as Symbian or BlackBerry. Targeted malware for Apple's iOS was essentially non-existent in the quarter, a fact that may be attributable to the difficulty of getting access to the iOS code itself as well as to some of the security improvements that Apple has made, including sandboxing and exploit mitigations.

Interestingly, McAfee also found that AutoRun malware was the most prevalent kind of threat in every region of the world except for Europe/Middle East and Australia. AutoRun also was the top global malware threat for the second quarter. AutoRun malware has been a focus for security companies and Microsoft researchers for quite a while now, and Microsoft earlier this summer said that its own research had found that AutoRun infections were declining sharply. In February Microsoft had begun releasing updates for various platforms that changed the way that Windows machines handled AutoRun on various media.

"These infections started their decline when the update was released and in May hit an all-time low. (There was a small uptick in April, but that was likely caused by the a second MSRT release at the end of that month.) In comparison to the three months prior to the update, we saw 1.3 million fewer infections on Windows Vista and XP from February to May," the blog post by Holly Stewart said.

nb : threatpost