Security: Is Android Becoming the Windows of Mobile?
- By Keith Ward
- October 11, 2012
One reason Windows has always been a more vulnerable platform for malware than Macs is its much larger user base. More users equals a larger pool of machines to spread worms and viruses more quickly; it also means more "glory" for the malware author in the peculiar world of hackers.
That same dynamic may now be in play for Android, which has seen the number of Trojans targeting the platform nearly triple in just the last three months. That's according to Kaspersky Labs, which reported that the number of malware programs for Android skyrocketed from just more than 5,000 in Q1 of 2012 to nearly 15,000 in Q2.
Those statistics, Kaspersky says, "...Points to the fact that more virus writers are changing gear and focusing more on developing malicious programs for mobile devices." And Android's huge popularity makes it the juiciest target.
Another parallel to Windows security threats, Kaspersky says, is a growing black market for malware distribution. Unlike the Apple Store or forthcoming Windows Store, Android users of both smartphones and tablets can go to outside sources for apps: "The main channels of distribution are unofficial online app stores and affiliate programs," Kaspersky says. Many of the third-party app stores are in Asia.
About half of the threat detections were "multi-functional Trojans" which steal data from phones, while a smaller but growing number -- 18 percent -- of threats are backdoors, giving the attackers full control of a phone. It can then become part of a mobile botnet network.
One of the most popular Android malware programs is "Zitmo", which is essentially a mobile version of the infamous Zeus banking malware. Zitmo presents itself as an app called Android Security Suite Premium.
Android is the most popular smartphone in the world by far, with nearly 60 percent of the market, according to Q1 figures that show Android with 59 percent marketshare, followed by iOS at 23 percent share.
That data is buttressed by a study from the Cloud Security Alliance, a non-profit that tracks risks to cloud computing. CSA reported on the top threats to mobile computing, and mobile malware was No. 2 on its list, after lost, stolen or decommissioned devices.
Of interest to developers is the No. 3 overall risk: poorly-written third-party apps. The study says that apps often request or secretly obtain more data than they need.
Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.