Nov. 21, 2011 at 4:47 PM ET
Android has a new stalker: malware, and it's put a bull's-eye on Google's mobile operating system, according to a new McAfee report.
If you own an Android phone, the first thing you need to do is not panic. But you do need to be aware of the lurking dangers out there.
The McAfee report, which encompasses the third quarter of 2011, laid it out bluntly from the start of its section on mobile threats:
Last quarter the Android mobile operating system (OS) became the most “popular” platform for new malware. This quarter Android became the exclusive platform for all new mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of malware, but Android is clearly today’s target.
Users need to be alert to SMS-subscribing, money-making trojans (not for you, unfortunately), malicious apps, data-stealing invaders of all varieties, including those that try to infiltrate through system databases and those that surreptitiously record phone calls.
Android's vulnerability is also highlighted in this story, which gives readers one very eye-catching statistic: Android malware has jumped 472 percent since July. The security experts quoted in that story said that until there's a critical mass of Android owners whose wallets really feel the pinch of the scams, things won't get better. Changing behavior, such as taking the time to read through permissions an app can access, will help deter the changes of being a victim.
But users aren't the only ones at fault. The Android ecosystem, with its lack of standardization across so many manufacturers, isn't able to keep up with the security patches and updates necessary to secure phones in any kind of consistent way. And as the McAfee report shows, there is no let up in the bad guys trying to take advantage of innocents.
The report shows spam varies from country to country, with Delivery Service Notifications (fake error messages) the most popular lures in the U.S., which also is ground zero for the majority of new malicious sites.
The U.S. has seen a decline in new botnet senders from October 2010 to October 2011, from 300,000 to 100,000, but McAfee warns that such a decrease doesn't mean we should let up on our vigilance.
Even though spam volume is way down, McAfee Labs sees targeted spam, often called spearphishing, at its greatest development in years. So, very much like malware, the noise tells us spam levels have dropped, yet the signal we need to hear is that the bad guys have changed their tactics. They are protecting their business models and are doing so with a sophistication that creates a more dangerous threat than before.
In particular, McAfee saw "four significant spikes in malicious web content this quarter. They are not linked to any particular attack but to updates to the internal or external sensors that periodically send data to our web threat database."
McAfee also noted the rise of hacktivism during this quarter, with Anonymous attacks against PayPal, police and major financial institutions making a prominent appearance.