Android targeted, Apple vulnerable as mobile malware is on the upswing

Thanks to the growing capabilities of smartphones, we all have a little computer in our pocket. But the flip side to that is that smartphones may soon be plagued by the bane of computers: Malware.

The first malware to specifically target Google’s Android mobile operating system has been discovered, according to a new report by security firm Kapernksy Labs. The attack targeted a high-profile Tibetan activist with an infected email attachment that, when opened, sent the virus’ creators data about the phone’s contact lists, call logs, geo-location and text messages. The malware used his contact list to spread.

Kapernsky Labs traced the malware to a data center in Los Angeles, but indications are the attackers were Chinese.

“It is perhaps the first in a new wave of targeted attacks aimed at Android users,” Kapernsky Labs said in a blog post. “Until now, we haven’t seen targeted attacks against mobile phones in the wild, although we’ve seen indications that these were in development.”

Previous smartphone malware has tended to come in the form of spam text messages or infected apps, which were little more than phishing tools used against whoever happened to open them. Accordingly, smartphone operating systems have generally had far less need for antivirus software or frequent security patches. But that soon may change.

According to a report in the MIT Technology Review, earlier this month, Websense security researcher  Chris Astacio warned at the RSA Security Conference in San Francisco that cyber-criminals are increasingly turning their focus on smartphones, using corrupt websites to infect their victims.

Astacio said malacious software is targeting iPhones, iPads and Android devices, aiming to use  mobile browsers to take control of the device, according to the report.

That could be of particular concern to Apple users, as another new report found iOS to be the mobile operating system with the most vulnerabilities. That’s likely because iOS is much more of a target. Android’s vulnerability is its open platform, which allows easy creation of potentially malicious apps, so hackers haven’t needed to attack the OS directly. But because Apple has such control over its App Store, criminals are forced to look for other means of entry — such as through iOS, according to a report by ZDNet.

In an interview with ZDNet Asia, SourceFire security researcher Yves Younan said he was “surprised” that Apple topped the list of vulnerabilities, but that it made sense given that Android attackers focus on apps, and Windows isn’t yet widely used enough to present much of a target.

The rise of mobile malware attacks will likely force Apple and Google to release more frequent OS updates to patch vulnerabilities in the future, experts say. But still, the best security advice is the simplest: Be careful where you browse, and don’t open attachments that you don’t trust.

 

(Photo by Nhat V. Meyer/Mercury News archives)

 

Mike Murphy Mike Murphy (354 Posts)

Mike Murphy is a web producer at the Mercury News, and also writes for Good Morning Silicon Valley and 60-Second Business Break.