Malware targeting the Android mobile computing platform is increasing, according to the Symantec official blog...
Overall, malware targeting mobile devices rose 46% in 2010, according to a fourth quarter threat report from security firm McAfee.
The report said this trend is expected to continue throughout 2011. While Nokia's Symbian operating system is still the most targeted, hackers are starting to focus on Apple's iOS and Google's Android systems.
Cybercriminals are tracking the increased popularity of Android, which overtook Symbian for the first time in the last quarter of 2010, the report said.
The most recent example of Android malware, says Symantec, is a Trojan called Android.Pjapps, spreading through altered versions of legitimate apps hosted on unregulated third-party Android marketplaces.
Android.Pjapps masquerades as the popular Steamy Window app.
Legitimate features of the original app are still present in the malicious version, which allows an attacker to build a botnet.
The malware can install applications, navigate to websites, add bookmarks to the user's browser, send text messages, block text message responses and send sensitive user information to the attacker.
According to Symantec, the Trojan has been designed to peddle ad campaigns and gain benefit by connecting to third-party premium rate services at users' expense.
- Android users can protect against Trojanised applications by:
- Using only regulated Android marketplaces for downloading and installing Android apps
- Adjusting Android OS application settings to stop the installation of non-market apps
- Reviewing other users' comments on the marketplace to assist in determining if an app is safe
- Always checking the access permissions being requested for installation to ensure they are not excessive for what the application is designed to do
- Using mobile security software on devices to ensure any downloaded apps are not malicious
- Considering a mobile management system in the enterprise to ensure all devices that connect to corporate networks are policy-compliant