McAfee confirms Android the number one target for Malware

Android is very often top of the popularity charts these days, so it should come as no surprise that the OS now also takes the top spot for mobile malware also.

Android now has 3 times as much malware as the second-placed platform, Java ME, with the number increasing by 76% this quarter.

“The rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals,” Vincent Weafer, senior vice president of McAfee Labs.

“As we watch steady, significant growth in the mobile-malware threat landscape, many of the same functions and features of PC-based threats are already part of the codebase,” McAfee said.

“Mobile threats already take advantage of exploits, employ botnet functionality, and even use rootkit features for stealth and permanence,” it said.

“The platform could become an increasing target for cybercriminals, affecting everything from calendar apps and comedy apps to SMS messages and fake Angry Birds updates.”

Particularly malicious is premium SMS senders such as Android / Jmsonez.A. which poses as a calendar app and sends premium SMS messages whenever the user tries to change the date, and monitor and deletes confirmation messages so users do not detect the activity.

The most common vector is still modified apps in the Android Market.  Google has so far only taken a reactive approach to the problem, removing apps after users complain, but not implementing policies and procedures to prevent infected apps from being uploaded to the Android Market in the first place.

This policy is the opposite to curated app stores like the iPhone App Store or the Windows Phone 7 marketplace, where applications are rigorously tested before being made available to users.

Read the full report here.