Android targeted, Apple vulnerable as mobile malware is on the upswing

Thanks to the growing capabilities of smartphones, we all have a little computer in our pocket. But the flip side to that is that smartphones may soon be plagued by the bane of computers: Malware.

The first malware to specifically target Google’s Android mobile operating system has been discovered, according to a new report by security firm Kapernksy Labs. The attack targeted a high-profile Tibetan activist with an infected email attachment that, when opened, sent the virus’ creators data about the phone’s contact lists, call logs, geo-location and text messages. The malware used his contact list to spread.

Kapernsky Labs traced the malware to a data center in Los Angeles, but indications are the attackers were Chinese.

“It is perhaps the first in a new wave of targeted attacks aimed at Android users,” Kapernsky Labs said in a blog post. “Until now, we haven’t seen targeted attacks against mobile phones in the wild, although we’ve seen indications that these were in development.”

Previous smartphone malware has tended to come in the form of spam text messages or infected apps, which were little more than phishing tools used against whoever happened to open them. Accordingly, smartphone operating systems have generally had far less need for antivirus software or frequent security patches. But that soon may change.

According to a report in the MIT Technology Review, earlier this month, Websense security researcher  Chris Astacio warned at the RSA Security Conference in San Francisco that cyber-criminals are increasingly turning their focus on smartphones, using corrupt websites to infect their victims.

Astacio said malacious software is targeting iPhones, iPads and Android devices, aiming to use  mobile browsers to take control of the device, according to the report.

That could be of particular concern to Apple users, as another new report found iOS to be the mobile operating system with the most vulnerabilities. That’s likely because iOS is much more of a target. Android’s vulnerability is its open platform, which allows easy creation of potentially malicious apps, so hackers haven’t needed to attack the OS directly. But because Apple has such control over its App Store, criminals are forced to look for other means of entry — such as through iOS, according to a report by ZDNet.

In an interview with ZDNet Asia, SourceFire security researcher Yves Younan said he was “surprised” that Apple topped the list of vulnerabilities, but that it made sense given that Android attackers focus on apps, and Windows isn’t yet widely used enough to present much of a target.

The rise of mobile malware attacks will likely force Apple and Google to release more frequent OS updates to patch vulnerabilities in the future, experts say. But still, the best security advice is the simplest: Be careful where you browse, and don’t open attachments that you don’t trust.


(Photo by Nhat V. Meyer/Mercury News archives)



Tags: , , , , ,


Share this Post

  • RichDavis

    Kapernsky Labs has to show valid proof of malware on a platform. What this article suggests hasn’t been proven. There have been reports of actual findings and so far iOS hasn’t had any noticeable malware attacks. In fact, for mobile devices, Android was the highest in the number of attacks. Don’t believe me, read an actual report. Here’s a link.

    So, Kapernsky Labs is merely going on spouting maybes NOT fact. Idiots.

  • John Hopkins

    Who is Kapernsky Labs? Don’t you mean Kaspersky?

  • Nat

    I’m sorry, but there’s a lot in this article I just don’t buy. I agree with the argument that Android, it’s app stores and ad networks need to be more responsible in helping prevent the spread of malware, but at the same time, it is only fair to report the truth. And the truth is a growing number of big players in the Android ecosystem are getting ahead of this problem. Look at Airpush, They struck some kind of deal with Appthority to scan and eliminate pretty much the entire threat of malware on the Airpush network. That’s progress. It’s not all gloom and doom out there!

  • Hiram
  • This is something that I’ve always wondered about. I’m really good about not opening up suspicious links and emails from sources I don’t recognize but I still worry about all the information that is stored on my phone. It was my understand that most Apple products don’t get viruses; something to do with how the product is built?? Is this accurate information or should I just keep up with not clicking on suspicious links?