Report: Android sees 400% surge in malware

Tools

Android malware has jumped 400 percent since the summer of 2010, says a new report from Juniper Networks Global Threat Center.

The report contributes the malware surge to users who are "unaware, disinterested or uneducated" in mobile security. In addition, a large number of downloads are coming from unknown sources and few smartphones are running security software.

"Consumers can expect to see more advanced malware attacks against the Android platform," according to the report. These attacks include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks."

Meanwhile, researchers at Germany's University of Ulm claim that 99 percent of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network.

The researchers said that devices running on Android 2.3.3 or older are vulnerable because of a faulty ClientLogin authentication protocol. ClientLogin is "meant to be used for authentication by installed applications and Android apps," the report said. "Basically, to use ClientLogin, an application needs to request an authentication (authToken) from the Google service by passing an account name and password via an https connection."

That means when a user logs into sites like Facebook, Twitter or Google Calendar, the information is saved for up to 14 days. As such, attackers can use that information to access their accounts.

For more:
- see this eWeek article
- read this PCMag article

Related Articles:
Motorola, Good Technology and Sprint take aim at Android security, device management
Webroot offers security for Android smartphones
McAfee: 2010 saw steady growth in mobile malware
Survey: SMBs not addressing smartphone security
Juniper Networks introduces smartphone security software
2011 expected to bring another smartphone security headache: Mobile apps
Smartphones: The next big security threat