Android the target of nearly all new malware during the quarter, says McAfee

In the sordid history of malware, both mobile and general, 2011 is on track to be the worst hit, according to a new report from security solutions provider McAfee, which found Google's OS to be at the center of the problem. "Nearly all new mobile malware in Q3," states the report, "was targeted at Android."

Android malware during the third quarter was nearly five times that of the same quarter a year ago.

According to McAfee, just less than 5 million new malware threats were detected during Q3 — down from Q2's approximate 6 million but contributing to smoothly rising annual numbers. The last days of 2011 are expected to see McAfee's total malwares samples database reach 75 million.

Android/Wapaxy, Android/LoveTrp and Android/HippoSMS are all premium-rate SMS Trograns that have succeeding in getting user to subscribe to services, and then delete all subscription confirmation messages so the phone user is unaware of any activity — and of losing money.

Malware has also traveled on modified apps, which collect sensitive information, and even by recording users' calls.

The report continues:

Two examples are Android/NickiSpy.A and Android/GoldenEagle.A, both of which record user conversations and forward them to the attacker. Attackers can’t be sure that the first one or two calls have the information they seek, so these malware remain on the devices for extended periods without being detected; that’s a very persistent threat indeed!

Another technique for stealing information is to use root exploits to gain access to system databases. This allows attackers to break free of the application sandbox that Android would normally make them sit in, and allows attackers access to all of the phone’s data and operations. The Android/DroidDeluxe and Android.ApkMon families try to gain root access (via different exploits) to read system files (such as SMS database, emails, and contacts). We expect this trend to continue, as it has proved useful for years on other platforms.

The report also reveals that Apple's Mac OS, which has managed to sidestep a good amount of the malware drama suffered by Microsoft users, is no longer beyond malware writers' sights.

"Mac malware also continues to grow, following a sharp increase in Q2," McAfee said in a statement. While Q3 growth wasn't significant, the same halo effect that has drawn iPhone users to Macs and iPad has likewise attracted malicious attention.


"As certain platforms grow in popularity for both consumer and business use, such as the Mac operating system, malware authors will increasingly use these platforms to target victims," said McAfee.

Overall, McAfee found social engineering to be a lure used for attacks, and for attackers to have "remarkable insight" into what works in different cultures and regions, even down to the seasonal level.

In the United Sates, "Delivery Service Notifications" are the most popular. In Russia, drug spam is the most popular and in the United Kingdom 419 scams "reign supreme."

In areas of cybercrime, cyberwarfare and hacktivism, "Law enforcement made strides with several arrests. Prices continue to be very fluid on the cybercrime underground. Multiple high-profile attacks as well as shifting tactics from hacktivist groups such as Anonymous have provided more than enough excitement," states the report. "One thing is certain: 2011 continues to be a year of change, challenge, and chaos in information security."

In an emphasis of the breadth of the issue, the report debuts on the same day that the BBC reports that hackers in Russia were able to damage a water utility in Illinois by accessing its network and quickly turning on and off a pump, causing it to break.