Android, Mac malware on rise, and beware mom-and-pop websites

Online malicious activity was up across the board in the first quarter of this year, according to the latest threat report from McAfee, with increases seen in the number of exploits targeting mobile devices and Macs.

But despite the growth of mobile and Mac malware, the PC remains the dominant target for criminals, said Adam Wosotowsky, one of the report’s authors.

“The number of malware samples we see in PCs is exponentially higher than we see in smart phones,” said Wosotowsky, messaging data architect at McAfee.


Related coverage:

Targeted attacks, mobile vulnerabilities on the rise, report states


McAfee Labs gathers data on malware, attack vectors and vulnerabilities from its Global Threat Intelligence service. During the first three months of 2012 it added 8 million new samples of malware to its database, raising the total to 83 million. The sharpest spike in new malware came in those targeting mobile devices, which jumped from less than 2,000 samples last year to more than 8,000 samples in the first quarter of this year. The bulk of this, more than three quarters, was for the Android operating system.

Apple also is an increasingly popular target for malware writers. “Malware for Apple’s Mac continues to show consistent growth,” the report says. However, “as always, malware on the Mac appears relatively tame when compared with PC malware, but malware can be written for any operating system and platform.”

The number of malicious URLs continued to grow for the second straight quarter, and the United States is the premier host of malicious Web content.

“The Web is a dangerous place for the uninformed and unprotected,” the report said.

The prevalence of the United States as a source of malicious content is neither unprecedented nor unexpected, Wosotowsky said. “The United States is an early adopter of the Internet, and we also have the largest population of Web pages that have not updated in years,” he said.

Those pages are increasingly valuable real estate for criminals looking for sites from which to deliver malware, spam and other malicious content, Wosotowsky said. Malicious sites established by bad guys are relatively easy for security companies to identify and block. But an existing site with a history of legitimate use that has been compromised is more difficult to spot and can remain active for a longer time. Many of these legitimate sites are from small, mom-and-pop organizations that are not actively maintained or have been abandoned.

“The value of a compromised Web address has increased over time significantly,” Wosotowsky said. “We are now seeing botnet activity involved in scanning for them. It’s a way to monetize.”

Common uses of compromised sites include drive-by downloading of exploits for Flash and Java, for sending spam and phishing.

The large increase in mobile malware in the last quarter was targeted almost solely at Android. The hundreds of Android threats being identified in the middle of 2011 increased to thousands this year, now accounting for almost 7,000 of more than 8,000 total mobile malware samples in McAfee’s database.

It comes as no surprise that most of the malware is coming from third-party app developers rather than the official marketplaces for the devices, and that Android is the most popular target.

“The iPhone is a finished product,” Wosotowsky said. “The Android is a platform that other people can use to make a product. For that reason it’s more flexible” and more attractive to bad actors.

Despite its growth, he described mobile malware as still in its infancy compared with PC malware. The most common money-makers remain applications sending text messages to premium numbers. But the report also cited more interesting — and potentially damaging — examples, including what is called the first destructive Android Trojan, Android/Moghava.A.

“Instead of damaging apps or other executables this malware goes after photos,” the report warns. “Moghava.A searches for photos stored on the SD card, and adds the image of the Ayatollah Khomeini to each picture. The malware is also a bit buggy, so it will continue to add to the pictures until there is no more space on the card.”

Despite changes in the threat landscape from quarter to quarter, some things remain the same, the report concluded. “Threats continue to evolve, and attackers continue to push the envelope.”

 

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Thu, Jun 7, 2012 san juan, puerto rico

i have an htc evo 3d (android), and wonder if it is possible for someone to remotely take control of your phone, and pry into phone calls, web site history ect.... How can one get rid of this problem when it happens?

Thu, May 24, 2012 Jeffrey Brown University of Houston

Static content would be >98% safe. It is the hosting site's responsibility to secure their site. Although it is not in a companies best interest to leave a static site for years.

Thu, May 24, 2012

I think that you are not clear about "mom-and-pop websites" that have "not been updated" in years. it would have to be the web server whose software was not updated over the years, not the content of a static website. If I leave a site unchanged for years that is hosted by a reputable and widely used hosting service, I think it is irrelevant that my site has remained static. The hosting service's practices are far more important to securing a site than someone who uploads some HTML and leaves it there unchanged. If not, please explain how the failure to update the content of a site would allow the site to be compromised if the web server itself has been properly secured.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above