Up to a million Android users affected by malware, says report

[Jack]

Android malware affects from 500,000 to 1 million smartphone users, who are two and a half times as likely to encounter malware today as six months ago, according to a Lookout Mobile Security analysis. Meanwhile, security experts are debating the threat of an Android Trojan that records one's phone calls.

Android device owners have plenty to be wary of on the security front, according to a new report from Lookout Mobile Security. Android users are 2.5 times more likely to be affected by malware today than they were six months ago, the firm said in its new 2011 Mobile Threat report. Moreover, anywhere from 500,000 to 1 million users were said to have been impacted by malware on their Android smartphone or tablet this year.

In addition, three out of 10 Android gadget owners are likely to encounter a web-based threat on their device each year, says the report, released in conjunction with this week's Black Hat security conference in Las Vegas. The number of Android apps infected with malware was said to have soared from 80 apps in January, to more than 400 apps by the end of June.

Read more

eg : Android Malware DreamDroid Dubbed a Nightmare

 

[amazingAG]

No android yet...for now atleast i'll be safe :lolz:

 

[Ink]

Does anyone use Android and what security app do they recommend?

Cheers

 

[MrXidus]

I use Dr.Web Antivirus on my Android.

 

[Hungry Man]

Common sense is enough for Android I think. There's one main distribution system, the market, so just be wary on it.

Google's really dropped the ball here.

 

[McLovin]

Does anyone use Android and what security app do they recommend?

Cheers

I use Android and the security app I use is Bitdefender. Works well for me.

 

[Hungry Man]

I'll never run an AV on my phone! haha =p I refuse. They're scraped for resources and battery life as it is.

Install applications from trusted resources. Check comments, how long it's been installed, etc.

---

Relevant article:
http://hothardware.com/News/Malware-For-Android-Users-Increases-In-Frequency-And-Sophistication/

The folks at Lookout Mobile Security released the 2011 Mobile Threat Report, which offers a sobering look at the current state of mobile threats. According to the report, mobile users are more likely than ever to experience a malware attack, and the tactics that cybercriminals are employing are increasingly sophisticated.

The news is worse for Android users, as most of those threats are targeted at them. Apparently that walled garden Apple built is good for something, at least for now; the report states that although issues of privacy and application vulnerabilities affect both iOS and Android platforms, Android is far and away the greater target of malware and spyware.

Although spyware has been a problem for a while now, the prevalence of malware is quickly on the rise for Android devices. In January of this year, spyware made up 66% of mobile threats compared to 34% from malware; by June, those percentages had shifted considerably, to 52% and 48%, respectively.

Further, the sheer number of unique infected and/or malicious apps skyrocketed from 80 to 400 in that same time period.

In other words, if this trend continues at anything close to that rate, malware is going to be the dominant security threat to Android users. It may be already.

The tactics that baddies are using are as impressive as they are worrisome. Techniques include cloning a legitimate app and packing it with nasty code; using misleading disclosures; posting in-app mobile ads that lead to malware (“malvertising”); and a tactic wherein a malware maker releases a clean app but then packs malicious code into an update. Recently, researchers uncovered an Android-specific Trojan that actually records phone calls.

It’s no surprise that mobile malware threats are proliferating. Mobile devices are increasingly powerful little machines that users rely on more and more for general computing tasks, as well as for storing sensitive personal information. But with additional capabilities comes greater complexity, and complex systems tend to have more bugs and holes that can be exploited.

Lookout offers some tips on preventing threats, although most of them sound rather similar to what you’d tell any computer user: only download apps from reputable sources (and scope out the developer), be sure a link takes you to where it says it will, install security software that will watch for and prevent threats, look for any odd device behavior, and install your firmware updates when prompted.

 

[McLovin]

Thanks Hungry Man.

 

[Hungry Man]

Sure thing.

 

[Jack]

I'll never run an AV on my phone! haha =p I refuse. They're scraped for resources and battery life as it is.

Install applications from trusted resources. Check comments, how long it's been installed, etc.

+1.
Using common sense should keep your Android system safe without any problems....Many people just rush into it and end up installing malware on their phones.
An Android user should always search for reviews for any apps before downloading and also investigate the developer’s history. A developer with a couple of apps for their name plus a poor description are warning signs.
There are others way to spot a malicious app so when I've seen that +500.000 Android users are infected I was a little shocked :shok: .... The Android malware is pretty nasty but the good part is that it can easily be avoided at this point....well not by everyone apparently.


Here is what a Av will do for your Android system :

Key Features and Benefits
Proactive threat protection
Protect your smartphone with ESET's heuristics detection that alerts you to any suspicious activity on your phone. All applications, files, folders, and SD memory cards are continually scanned for trojans, viruses, worms, spyware, spam, and other attacks with ESET's proactive heuristics technology.

Anti-theft security system
Guard against device loss or theft with multiple layers of security that allow you to maintain control over phone-stored data with simple to use text commands.

Remote Lock—Prevent unauthorized access to your phone's data
GPS Localization—Locate your lost or stolen phone on a map
Remote Wipe—Wipe all personal information and restore phone to factory setting
Security audit with built-in task manager
Monitor all vital phone functions, including battery life, free disk space, running processes, Bluetooth, and device visibility. Take action on the spot, including terminating any processes that increase your security risk.

Uninstall protection
Secure your smartphone against unauthorized uninstallation of ESET Mobile Security (available for Android version 2.2 or higher).

Call intercept
Block unwanted incoming and outgoing calls.

SMS/MMS antispam
Define trustworthy contacts via customizable black or whitelist or simply block message traffic from unknown numbers.

http://www.eset.com/us/beta/mobile-security-for-android

There is no question that the Android OS is and will be heavily targeted by malware writers so if you lack common sense , an antivirus is a must.
On another note Google refusal to keep malicious apps out of the Android Market is inexcusable.The only reason we have so much malware on Android is that Google doesn’t do basic security checking,it seems like all a hacker needs to do is submit their attack program to Google for the Android Market and it gets approved.Here is an idea Google before approving a new app. make sure it won't try to damage our system or steal our data.

 

[Hungry Man]

On another note Google refusal to keep malicious apps out of the Android Market is inexcusable.

Agree! It's idiotic... they're putting this open environment ahead of user security, which should be their priority above all else!

 

[Jack]

It looks like the number of infected Android OS will increase very soon :

Android could allow mobile ad or phishing pop-ups​

Researchers have discovered what they say is a design flaw in Android that could be used by criminals to steal data via phishing or by advertisers to bring annoying pop-up ads to phones.

Developers can create apps that appear to be innocuous but which can display a fake bank app log-in page, for instance, when the user is using the legitimate bank app, Nicholas Percoco, senior vice president and head of SpiderLabs at Trustwave, said ahead of his presentation on the research at the DefCon hacker conference today.

Currently, apps that want to communicate with the user while a different app is being viewed just push an alert to the notification bar on the top of the screen. But there is an application programming interface in Android's Software Development Kit that can be used to push a particular app to the foreground, he said.

"Android allows you to override the standard for (hitting) the back buttons," said Sean Schulte, SSL (Secure Sockets Layer) developer at Trustwave.

"Because of that, the app is able to steal the focus and you're not able to hit the back button to exit out," Percoco said, adding that they've named the issue the Focus Stealing Vulnerability.

The researchers have created a proof-of-concept tool that is a game but also triggers fake displays for Facebook, Amazon, Google Voice, and the Google e-mail client. The tool installs itself as part of a payload inside a legitimate app and registers as a service so it comes back up after the phone reboots, Percoco said.


Read more

 

[jamescv7]

Its like since android smartphone was established, malware are increased unexpectedly.

 

[Hungry Man]

More and more banks are coming out with mobile apps to check your account info and even deposit checks via camera phone. These apps are targetted to Android and Phone users so these two OS's really need to step up security.