Android malware rise could be 'game changer,' warns F-Secure

IT managers are in for more sleepless nights as Androids invade enterprise

IT managers spend many sleepless nights worrying about the security risks being introduced by employees who bring their own devices. And a new report from F-Secure showing a marked rise in Android malware is not going to help them sleep any better.

The report found that mobile malware developers are zeroing in on the Android operating system, much like earlier malware authors focused their efforts on Microsoft's (NASDAQ: MSFT) Windows, F-Secure warned.

Android was targeted by 91 percent of new mobile threat families, the number of which increased by 49 percent in the first quarter of 2013, compared with the previous quarter, according to F-Secure's MobileThreat Report Q1 2013.  

In addition, this year saw the first Android threat distribution outside of apps through email spam, the first targeted Android attacks, and the first Android advanced fee fraud scam.

Sean Sullivan, security advisor at F-Secure Labs, commented: "Until now, I haven't worried about my mother with her Android because she's not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone."

The Stels trojan targeting Android is distributed through fake IRS emails using a crimeware kit to steal sensitive information from the smartphone and make calls to premium numbers. Stels adopted a spam module and shifted its distribution to the Cutwail botnet, which has been involved in leading victims to the Blackhole exploit kit. Stels "could be a game changer," Sullivan warned.

"Android is experiencing the same fate as Windows, where its huge market share works in both good and bad ways. Such popularity certainly translates well in terms of sales, but it also appeals to the maliciously minded crowds," the F-Secure report noted.

"Malware authors see plenty of opportunities yet to be explored on the relatively new and growing platform. And they are drawing inspiration from Windows malware's approaches, which is why we are now seeing trends such as commoditization of malware services, targeted attacks and 419 scams popping up in the mobile threat scene," the report concluded.

Android is currently dominating the smartphone market, with three-quarters of the market share, according to the latest Gartner figures. This is translating into more and more Android devices finding their way into the enterprises. As the threats to Android increase, so do the risks to the enterprise.

For more:
- read the F-Secure report

Related Articles:
Symantec: Majority of enterprises report at least one mobile security incident in the past year
Data loss tops corporate concerns about BYOD security, survey finds