3 of 10 Android users now face malware attack

Risk of being hacked has more than doubled in the last six months, says a new report

Three out of every 10 Android users now face hacking attempts annually, more than doubling the risk to users of the Google smart-phone software from just six months ago, according to a recent report from Lookout Mobile Security.

Android hacking attempts have increased exponentially within the past six months, the firm reported, as the number of malware applications has also risen, from 80 applications in January to more than 400 in June 2011.

Between a half million and 1 million people were affected by Android malware in the first half of 2011, according to the report.



Case in point: Two days ago, Dinesh Venkatesan of CA Technologies reported a new Android trojan that can steal account passwords and Social Security Numbers by recording phone conversations.

“As it is already widely acknowledged that this year is the year of mobile malware, we advise the smart-phone users to be more logical and exercise the basic security principles while surfing and installing any applications,” said Venkatesan in his post.

Most threats to Android devices are malware and spyware, said the firm. Of the threats Lookout detected in June 2011, 48 percent were malware and 52 percent spyware. The most prevalent type of malware attack in the first half of 2011 was repackaging, whereby a hacker adds malicious code to a legitimate application and then republishes the doctored application to an application market or download site.

“The repackaging technique is highly effective because it is often difficult for users to tell the difference between a legitimate app and its repackaged doppelganger,” said the report.

Repackaging, though, is only one of the ways that hackers are attacking mobile devices, and the number of ways they can compromise devices continues to increase. A newer, similar model is the “upgrade attack.”

"We've started to see [attackers] publish a clean app, then wait for a while before offering an update that's infected," said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout, in a ComputerWorld article Aug. 3.

"Because most people automatically update their apps, there's less time that the malware is on the market before it's installed by a lot of people."

Although many government agencies have begun adopting mobile devices, including the State Department, the General Services Administration and the Department of Defense, they may not be prepared to fight these attacks.

A recent report by the General Accounting Office found the DOD unable to keep pace with cyber threats, reported GCN July 26.

Additionally, “because mobile platforms are new, often introducing new APIs and security models, even skilled developers aren’t always aware of best security practices,” noted the report.

Yet one of the biggest issues is not limited to mobile devices: users transmitting sensitive data without proper encryption, noted the report.

About the Author

Kathleen Hickey is a freelance writer for GCN.
