or Connect
AppleInsider › Forums › General › General Discussion › Mobile malware authors 'almost exclusively' focused on Android in 2013, says Symantec
New Posts  All Forums:Forum Nav:

Mobile malware authors 'almost exclusively' focused on Android in 2013, says Symantec

post #1 of 114
Thread Starter 
Attackers continue to target Android more than any other mobile operating system, according to a new report released Tuesday, as Google's platform played host to all but one of the new mobile malware families discovered last year.




Microsoft's Windows Phone was the subject of the lone non-Android malware discovery, while Apple's iOS escaped the year unscathed. The data was revealed by Symantec as part of the company's annual internet security threat report.

The various app stores -- both official and third-party -- available to Android users continue to represent the platform's biggest weakness. A Remote Administration Tool, or RAT, appeared last summer, for instance, in a number of apps on the Google Play store.

To highlight those app stores' vulnerability, Symantec specifically called out "the release of an instant messaging application by a well-known smartphone vendor on the Android platform," likely referring to BlackBerry's BBM. "Attackers in turn took advantage of the popularity of the new app and released a variety of counterfeit versions bundled with adware. These apps were quickly removed from the Android marketplace, but not before accumulating a large number of downloads," they added.

Still other threats masqueraded as legitimate apps. Android.Fakedefender purported to be a malware scanning app which was itself a trojan, extorting users to pay for the removal of other, nonexistent viruses that it claimed to have discovered after a system scan.

Android has also been subject to increasingly sophisticated attacks as its installed base grows, the report said. Malware authors have begun to branch out from simply attempting to steal users' personal information to attacks traditionally seen on desktop operating systems, including hybrid campaigns that target both Android devices and PCs.

"The attraction of the mobile environment to attackers is clearly based on the size and growth rate of the user base today," the report reads. "Yet it's also based on the amount of personal information that's easily attainable once an attacker is on the device. With the right permissions the device's phone number, GPS coordinates, camera, and other information become readily available."
post #2 of 114
Any data on actual infection rates?
post #3 of 114
As a reminder to all platform owners, lest they get arrogant: these reports are based only on known malware instances.
post #4 of 114
Quote:
Originally Posted by AppleInsider View Post

Attackers continue to target Android more than any other mobile operating system...
 


Why?  Because when something is made out of shit, it tends to attract the flies.

post #5 of 114
I hate when data has an Apple-bias. /s
post #6 of 114

Google issues security upgrades to all 17 of its variations of Android.  Also, these viruses mostly do *not* affect the 3.9% of Android users who have Google's latest Android OS.

post #7 of 114
Quote:
Originally Posted by macaholic_1948 View Post

As a reminder to all platform owners, lest they get arrogant: these reports are based only on known malware instances.

...but not on known infections. Aiming for a target is not the same as hitting it.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #8 of 114
post #9 of 114
Quote:
Originally Posted by Gatorguy View Post

Quote:
Originally Posted by macaholic_1948 View Post

As a reminder to all platform owners, lest they get arrogant: these reports are based only on known malware instances.

...but not on known infections. Aiming for a target is not the same as hitting it.

I tend to agree. Android is loved used by the vast majority of smartphone users.
post #10 of 114

Suppose it takes 40hr of coding time to produce a piece of malware for all the Android variants out there, and it brings you $10,000 in ultimate global revenue.  It's been established that developing an app for iOS is less than half the effort of developing for Android, so the same hacker could instead spend his 40hr of coding time to produce TWO legitimate apps for iOS, reap twice the revenue, and NOT have Interpol chasing him.  Seems like a no-brainer.  Perhaps this is why there is less malware for iOS?  

post #11 of 114
Quote:
Originally Posted by Slurpy View Post

This is just fucking Gold:

http://www.neowin.net/news/the-1-paid-app-in-the-google-playstore-virus-shield-is-a-complete-scam

Wow. I mean, wow. 

Ha!


For $3.99, you get to see the image on the left turn into the image on the right

I think the icon on the left is for Android, the one on the right for iOS, without having to buy an app at all.
post #12 of 114
At least Android users are paying for protection¡



edit: Dammit! Pipped by @Slurpy.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #13 of 114
Cue the "It's easy to avoid viruses: just buy your apps only from Google's walled garden."

You know what I'm talking about.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #14 of 114
Quote:
Originally Posted by jungmark View Post

I hate when data has an Apple-bias. /s

Don't worry, there are plenty of logical fallacies that can be applied to insuring that Android wins every time.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #15 of 114
What amazes me is that I always assumed the official Google Play Store itself was free of malware (or very nearly, comparable to Apple). So you're safe if you avoid third-party sources.

But apparently that was never true!

Follow the money: malware writers are doing this because it works.

Search for "android botnet" for a fun time.
post #16 of 114
Quote:
Originally Posted by Suddenly Newton View Post

Cue the "It's easy to avoid viruses: just buy your apps only from Google's walled garden."

You know what I'm talking about.


Apparently in Android land you can both have the cake AND also eat it.

 

And also. Android users are apparently *much* smarter so they just know by default what they should and should not install on their phones so It's basically all moot. "No issues" as a colleague of mine says all the time.

post #17 of 114
Quote:
Originally Posted by SolipsismX View Post

At least Android users are paying for protection¡
 

edit: Dammit! Pipped by @Slurpy.

 

To be fair, that app wasn't malware.  It is a scam though which needs to be addressed.  

post #18 of 114
Quote:
Originally Posted by mistercow View Post

To be fair, that app wasn't malware.  It is a scam though which needs to be addressed.  

mal- |mal|
comb. form
1 in an unpleasant degree: malodorous.
2 in a faulty manner: malfunction.
• in an improper manner: malpractice.
• in an inadequate manner: malnourishment.
3 not: maladroit.

I classify any scam SW as bad, especially if the scam is to tell you your system is safe.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #19 of 114
Quote:
Originally Posted by mistercow View Post

To be fair, that app wasn't malware.  It is a scam though which needs to be addressed.  

Fooling people to give you money is malicious, and it was done using software. IMO it's the epitome of malware.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #20 of 114
Quote:
Originally Posted by dasanman69 View Post


Fooling people to give you money is malicious, and it was done using software. IMO it's the epitome of malware

 

I'm assuming most people identify malware as stealing information through exploiting security flaws.  By your definition, in-app purchases for kids focused apps that don't require password protection for every purpose can be considered malware.  

 

edit:

The scam was through purchasing a product.  It just happened that the product was software.  If I bought software off of ebay and the software failed to activate, does that make ebay malware?

post #21 of 114

Android is basically synonymous with malware.:smokey:

 

Android is winning all right.:lol: 

post #22 of 114
Quote:
Originally Posted by mistercow View Post

I'm assuming most people identify malware as stealing information through exploiting security flaws.  By your definition, in-app purchases for kids focused apps that don't require password protection for every purpose can be considered malware.  

edit:
The scam was through purchasing a product.  It just happened that the product was software.  If I bought software off of ebay and the software failed to activate, does that make ebay malware?

1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware. Same goes for cloned games in Play or App Store that steal the original app's code, or try to mirror its look, feel and name as to confuse buyers as malware. Pretty much any unethical tactic that has to trick the user or system is malware.

2) Why does it have to steal your personal info to fall into that category? What about a trojan that installs on WinPC and then deletes files or just pushes up spam? Would you not call the computer worm Stuxnet that ruing nuclear centrifuges unpleasant SW to the systems that installed it?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #23 of 114

Also, Fandroids deserve to get infected and scammed, as their decision to use a crappy OS was all their own.

 

Here's to a great 2014 too!:lol:

post #24 of 114
Quote:
Originally Posted by mistercow View Post

I'm assuming most people identify malware as stealing information through exploiting security flaws.  By your definition, in-app purchases for kids focused apps that don't require password protection for every purpose can be considered malware.  

edit:
The scam was through purchasing a product.  It just happened that the product was software.  If I bought software off of ebay and the software failed to activate, does that make ebay malware?

IAPs have to be declared on the apps main page. If a user doesn’t notice it then it's not the fault of the software, but the ignorance of the user.

You didn't buy the software from eBay, but from a seller using eBay as the middleman. eBay will get you a refund if you didn't get what you paid for.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #25 of 114
Quote:
Originally Posted by SolipsismX View Post


1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware.

 

I disagree.

 

I'm not a fan of the freemium gaming model, but what you describe there is fairly common in virtually all freemium games.

 

There are many freemium games where the top in app purchase is $99 for a trunk or bunch of gems or coins in a game. 

 

These in app purchases require a password, and whoever purchases them is responsible for their own actions. If a kid purchases it, then the parents are responsible.

post #26 of 114
Quote:
Originally Posted by SolipsismX View Post


1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware.

2) Why does it have to steal your personal info to fall into that category? What about a trojan that installs on WinPC and then deletes files or just pushes up spam? Would you not call the computer worm Stuxnet that ruing nuclear centrifuges unpleasant SW to the systems that installed it?

2) I concede #2.  I didn't state my intention correctly.  I had really meant exploiting security for detrimental effects, not limited to just stealing information.  By this I had meant the app doesn't create a security issue with the phone itself.  It was a scam that caused people to lose money which needs to be addressed by Google - probably in at least implementing a better review process that can at least check to see an app does what it states it does.  

 

My point was that the article shown is specifically geared to security exploits from software.  The scam app doesn't cause any inherent security issues with Android itself.  It's an issue with the Play Stores review policy.  

post #27 of 114
Quote:
Originally Posted by dasanman69 View Post


IAPs have to be declared on the apps main page. If a user doesn’t notice it then it's not the fault of the software, but the ignorance of the user.

You didn't buy the software from eBay, but from a seller using eBay as the middleman. eBay will get you a refund if you didn't get what you paid for.

 

Purchases from app stores are from a developer (and not Apple/Google) using the app store as the middleman.  I'm guessing Google will refund the people that purchased this app in this case.  How is it any different than the ebay example I gave?

post #28 of 114
Quote:
Originally Posted by Apple ][ View Post

I disagree.

I'm not a fan of the freemium gaming model, but what you describe there is fairly common in virtually all freemium games.

There are many freemium games where the top in app purchase is $99 for a trunk or bunch of gems or coins in a game. 

These in app purchases require a password, and whoever purchases them is responsible for their own actions. If a kid purchases it, then the parents are responsible.

I see your point but if that code was designed to exploit techtarded or lazy parents then I still consider it malicious software. I'm sure you've heard the expression "There is a sucker born every minute." i don't believe that should put all the responsibly on the "sucker" and giving the unethical people taking advantage of them a free pass. That's not the world I want to live in.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #29 of 114
Quote:
Originally Posted by SolipsismX View Post


I see your point but if that code was designed to exploit techtarded or lazy parents then I still consider it malicious software. I'm sure you've heard the expression "There is a sucker born every minute." i don't believe that should put all the responsibly on the "sucker" and giving the unethical people taking advantage of them a free pass. That's not the world I want to live in.

 

There are of course many suckers around and gullible people too, but are you trying to say that virtually every freemium game on the app store is malware? Because they all have some hefty in app purchases that can be bought.

 

Look at the top grossing apps on the iOS app store, they're freemium games.

 

Clash of Clans makes close to a million dollars a day.

post #30 of 114

It's 1 area where others aren't copying Apple. If the majority are doing it, Apple must be doing it wrong.

Cue the "Apple is doomed" and a share price drop.

post #31 of 114
Quote:
Originally Posted by Apple ][ View Post

...but are you trying to say that virtually every freemium game on the app store is malware?

I have no idea how you jumped to that conclusion. I specifically stated an example where the developer is specifically trying to take advantage of the customer.

In-app purchases have extensive benefits for users. For instance, since Apple doesn't allow trial versions and having a free app and then a full app looks sloppy some App Store vendors have created their free trial app with an in-app purchase that will unlock all the features of the full app. This is a great solution.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #32 of 114
Quote:
Originally Posted by Apple ][ View Post
 

 

There are of course many suckers around and gullible people too, but are you trying to say that virtually every freemium game on the app store is malware? Because they all have some hefty in app purchases that can be bought.

 

Look at the top grossing apps on the iOS app store, they're freemium games.

 

Clash of Clans makes close to a million dollars a day.

 
I wouldn't classify in app purchases as malware unless there is something that subverts password entry requirements for each purchase.  If a password is required for every purchase, then the blame has to fall on the user as they are making a conscious decision every time to make that purchase.  It'd be different if a purchase was made with just single click with no other logic check.
post #33 of 114
Number of iOS users 500 Million who are high value targets vs vast number of low value targets, users, says the number of users is a weak decision component to malware developers. It's the enormous security weaknesses in Android and the near total lack of meaningful SW OS updates, in other words, it is easy to do malware on Android.

This harkens back to Windows in the 90s and early new millennium. The utter apathy and indifference by Google, HW OEMs, and ISPs is embarrassing. But the silence of the tech media to raise the issues is equally embarrassing.

When the press make this a real concern, then the industry will respond, unfortunately, this won't get addressed until something(s) awful happens.
post #34 of 114

 

Had to laugh at the reviews. If you are stupid enough to buy an Android phone, you are stupid enough to fall for a placebo app.

post #35 of 114
Quote:
Originally Posted by SolipsismX View Post


I have no idea how you jumped to that conclusion. I specifically stated an example where the developer is specifically trying to take advantage of the customer.

 

Ok, i guess that I just misread or misunderstood what you were trying to say.

post #36 of 114
Quote:
Originally Posted by Evilution View Post
 

 

Had to laugh at the reviews. If you are stupid enough to buy an Android phone, you are stupid enough to fall for a placebo app.

 

You mean like with the iOS 5.0 update where it changed the 3G icon to a 4G and a bunch of iPhone users swore how much faster the connection was when the only thing that changed was the icon?

post #37 of 114
Quote:
Originally Posted by mistercow View Post

2)The scam app doesn't cause any inherent security issues with Android itself.

That's a bit of a stretch. I would consider software knowingly giving its users a false sense of security, a security issue.
post #38 of 114
Quote:
Originally Posted by nagromme View Post

What amazes me is that I always assumed the official Google Play Store itself was free of malware (or very nearly, comparable to Apple). So you're safe if you avoid third-party sources.

But apparently that was never true!

Follow the money: malware writers are doing this because it works.

Search for "android botnet" for a fun time.

hit rate for use of third party app stores would not make it worth their time to write malware.

"Building for the future?! They should be running around reacting to the present!" -John Moltz
Reply
"Building for the future?! They should be running around reacting to the present!" -John Moltz
Reply
post #39 of 114
Quote:
Originally Posted by JupiterOne View Post


That's a bit of a stretch. I would consider software knowingly giving its users a false sense of security, a security issue.

 

Having a false sense of security doesn't reduce the actual security of the system.  For example, a house with a security alarm that puts a sign up that says "This house is secured by XX" is no more secure than a house that has the same alarm system but doesn't put up that sign.

post #40 of 114
Quote:
Originally Posted by nagromme View Post

What amazes me is that I always assumed the official Google Play Store itself was free of malware (or very nearly, comparable to Apple). So you're safe if you avoid third-party sources.

But apparently that was never true!

Follow the money: malware writers are doing this because it works.

Search for "android botnet" for a fun time.
Quote:
Originally Posted by snova View Post

hit rate for use of third party app stores would not make it worth their time to write malware.

According to the most recent real data the rate of actual malware infection from Google Play apps is only .001% which is probably not far off from Apple's App Store.
http://www.phonearena.com/news/Google-says-less-than-.001-of-Android-malware-evades-Google-Play-security-to-cause-harm_id47960
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Mobile malware authors 'almost exclusively' focused on Android in 2013, says Symantec