Android phones might be popular, but they’re fertile territory for cybercriminals. According to a newly released McAfee report, phones are increasingly being infected by malware through mobile browsers.
Instead of hoping fake games or wallpaper apps make it through the industrial-strength bouncers at the Google Play store, shady criminal gangs in the U.S. and abroad are implanting hidden downloads in mobile-optimized web pages. Unfortunately, the tactic is working.
McAfee researchers found more than 4,500 pieces of new mobile malware in the second quarter of 2012, according to the report. This was a slight decrease from the first quarter of the year. The vast majority of the new malware discoveries were for Android phones, with a slight percentage instead designed for Symbian or Java ME. Barely any iPhone or iPad malware was discovered.
The latest discovery for criminals is how easy it is to infect unknowing users via mobile browsers for Android. A new piece of malware called Android/NotCompatible.A infected users who visited infected sites and were tricked into downloading fake files with names like “Android System Update 4.0.apk.” Vulnerable users without much technical knowledge were caught unaware. Unfortunately, the security etiquette adopted by most desktop or laptop computer users has not yet migrated to mobile devices.
Pat Calhoun, McAfee’s Senior Vice President and General Manager for Network Security, told Fast Company that one of the company’s biggest worries right now is a general sea change among hackers and cybercriminals. Instead of seeking maximum disruption, the firm is now seeing more individuals being targeted. “Cybercriminals are getting a lot more creative; social media sites like Facebook are being used to collect info on a target within an organization […] Hackers are getting increasingly specific in what they are looking for and are becoming much more precise,” Calhoun says.
Another portion of the report dives into something of deep sociological interest–the tactics used by spammers in different countries. Brazilian, Belarusian, German, Indian, and Russian email accounts are disproportionately flooded with drug spam. While those countries might constitute the Viagra/Cialis/Xanax belt, American email accounts are instead flooded with fake email delivery delay errors. Meanwhile, spammers love targeting French and German email accounts with letters of introduction from single women.
During the second quarter of 2012, McAfee researchers found approximately 2.7 new malware-infected URLs per month.
According to rival Norton’s annual cybercrime report, which was released today, 46% of adult Internet users have fallen victim to cybercrime in the past year. This number includes malware, viruses, hacking, scams, fraud, and theft. 31% of mobile users worldwide have been targeted by malware or rogue SMS message schemes.