Attackers besiege Google Android OS, Trend Micro reveals

Google’s Android mobile OS is under siege by attackers, as malware and data-stealing adware rose 483% in the last quarter, says Trend Micro

Google’s Android mobile operating system (OS) is under siege by attackers, with malware and information stealing adware targeting the platform up 483% in the last quarter.

While Apple’s relatively rigorous approach to vetting apps before allowing them on the App Store has minimised security risk, Google’s open platform has become a hotbed of malicious activity, according to the latest threat report from security firm Trend Micro.

In August, Google introduced stricter rules for applications on its Android mobile OS to reduce the number of malicious apps in the Google Play app market and improve its reputation. 

The revised Google Android developer policy includes new rules on naming apps and a ban on apps that disclose personal information without permission.

However, Trend Micro found fake versions of legitimate Android apps are the most prevalent type of Android malware. Many are designed to steal information, completely take over a user’s smartphone or run up huge bills by contacting premium rate numbers.

Trends in Q3 2012

  • Dangerous zero-day exploits targeting Java and Internet Explorer (IE) were found. The IE vulnerability was used in an advanced persistent threat (APT) campaign.
  • ZeroAccess malware, sometimes found on peer-to-peer (P2P) sharing sites, was the most prevalent this quarter. The old DOWNAD/ Conficker worm came a close second.
  • PayPal attracted the most phishermen while LinkedIn topped the list of chosen Blackhole Exploit Kit targets.
  • Corporations and governments continued to suffer APT attacks. Lurid and Nitro APT campaign improvements were also noted.
  • Social media threats and privacy concerns continue to cause problems.

Trend Micro also noted a rise in “aggressive adware” apps that collect more personal information than the user has authorised, with many disseminated through legitimate ad networks.

Most adware is designed to collect user information, but there is a fine line between collecting data for simple advertising use and violating users’ privacy.

According to Trend Micro, the developer community has a responsibility to be more transparent about the extent of data-gathering that goes on through the in-app libraries provided by ad networks.

"It's no surprise that we see such a huge increase in mobile malware,” said Raimund Genes, CTO at Trend Micro.

“Android is the dominant smartphone platform with an amazing success story. The digital underground reads statistics and analysts reports as well, and they have figured out ways to make money with mobile malware. 

"And unlike your computer, getting information from your phone also reveals your location, the phone numbers you have called and more – all stuff which could be sold.” 

Research has shown only 20% of Android device owners use a security app. Users need to understand what permissions apps seek, before approving them and unintentionally sharing sensitive information, said Genes.

According to Rik Ferguson, director of security research at Trend Micro, this level of criminal interest does not bode well for the future and for the “internet of things”, where Android is still the most likely OS to power the multitude of connected devices appearing on the horizon.

“Active and sustained criminal interest in the Android platform is a reality and looks set to continue for the foreseeable future until some fundamental and necessary changes are made to the infrastructure and some important security lessons are relearned at operating-system level,” he said.

Read more on Hackers and cybercrime prevention