Proclaiming Android as the mostly-targeted operating system by malware is not something new. And a new report has just reiterated the same, saying that mobile malware increased immensely in the last one year with Google's Android OS being the No. 1 targeted platform.
According to a new report by McAfee, titled "Threats Report: Second Quarter 2012 report," mobile malware increased 700 percent in the last one year, mostly targeting Android. Symbian was at the second spot.
"During the past few quarters we've seen that the Android OS is the most popular target for writers of mobile malware," McAfee said. "This quarter was no different; practically all new mobile malware was directed at the Android platform. The mix included SMS-sending malware, mobile botnets, spyware, and destructive Trojans."
McAfee said that mobile malware was not "proof-of-concept or early code." Rather, it's "fully functional and mature, and mobile malware writers know what they are looking for: consumer and business data."
The U.S.-based security software company stated, looking at the second quarter of 2012, that there were three new ways of attack, which had been identified - the emergence of mobile (Android) "drive-by downloads" as a new attack vector, the use of Twitter for control of mobile botnets, and the appearance of mobile "ransomware" as the newest way of extracting funds from unsuspecting victims.
According to McAfee, similar to drive-by installs on the PC, mobile drive-by downloads drop malware on users' phone when they visit a site. "A victim still needs to install the downloaded malware, but when an attacker names the file Android System Update 4.0.apk, most suspicions vanish," said McAfee.
On the other hand, "Android/Twikabot.A," a new botnet client, uses Twitter for gaining control. Instead of connecting to a web server, the malware searches for commands from specific attacker-controlled Twitter accounts. The attacker can tweet commands and all infected devices follow them.
Last month, another cyber security-related company called F-Secure said in a report that more than 5,000 pieces of malicious Android software were received in Q2 2012, which represents a massive 64 percent increase of Android malware during the quarter over Q1 2012.
The F-Secure report also pointed out a new infection method in the second quarter that used Twitter as a bot mechanism. In this method, the malware accesses a Twitter account (possibly set up by the malware itself) to obtain a server address, from which it communicates with and receives further command from.
As Redmond Pie noted, there are a few ways that help avoid malware attacks - stick to downloading apps only from the Google Play Store, avoid installing APKs from untrusted sources, turn off USB debugging when not in use and many more.
Click here for more information.