McAfee: Nearly All New Mobile Malware In Q3 Targeted At Android Phones

Intel-owned McAfee has released its third quarter security report, which shows that malware targeted towards phones running on the Android operating system continues to be on the rise. According to the report, Android OS solidified its lead as the primary target for new mobile malware. The amount of malware targeted at Android devices jumped nearly 37 percent since last quarter, and puts 2011 on track to be the busiest in mobile and general malware history. Nearly all new mobile malware in Q3 was targeted at Android. This follows a 76 percent rise in Android malware in Q2 of 2011.

At the end of 2010, McAfee predicted that malware would reach the 70 million unique samples by the end of 2011 but has increased this prediction to 75 million unique malware samples reached by year’s end, which is the busiest in malware history, says McAfee.

As mentioned above, McAfee says that malware authors are capitalizing on the popularity of Android devices (and perhaps the security flaws as well) this quarter. The Android platform was the only mobile operating system for all new mobile malware in Q3. One of the most popular forms of trickery in Q3 was SMS-sending Trojans that collect personal information and steal money. Another new method of stealing user information is malware that records phone conversations and forwards them to the attacker.

Other types of security attacks are also on the rise. Fake Anti-Virus (AV), AutoRun and password-stealing Trojans have bounced back strongly from previous quarters, while AutoRun and passwords stealers remain at relatively constant levels. Mac malware also continues to grow, though not as quickly of an increase in Q2.

Web threats are also a common way for attackers to prey on unsuspecting victims. Websites have bad or malicious reputations for a variety of reasons, and are often influenced by the hosting of malware of phishing sites. The number of “bad sites” dropped a bit, from an average of 7,300 new bad sites in Q2 to 6,500 new bad sites in Q3.

While spam still remains at its lowest levels since 2007, spearphishing, or targeted spam, is becoming highly sophisticated and effective, resulting in an elevated threat level. While overall botnet infections dropped slightly in Q3, they seemed to have shown a significant increase in Argentina, Indonesia, Russia and Venezuela. As for the botnets that were the most damaging, Cutwail, Festi and Lethic lead the pack, while previous frontrunners Grum, Bobax and Maazben declined.

Social engineering is also a lure used in targeted attacks that depend greatly on geography and language. Attackers show insight into what works in different cultures and regions – not just globally but also seasonally, and can vary by month, season or holiday. In the United States, “Delivery Service Notifications” (or fake error messages) are the most popular, while in the United Kingdom “419 scams” reign supreme. In France, phishing scams dominate, while drug spam is the most popular lure in Russia.

Of course, we all know that Hacktivist attacks have been increasing and were primarily launched by the Anonymous group in Q3. One clear differentiator from past quarters is that the goals were not as abundantly transparent as in previous quarters. The report highlights hacktivist activity from Q3, with at least 10 high-profile attacks at the hands of Anonymous, including attacks against the Arizona Fraternal Order of Police, Booz Allen Hamilton, Bay Area Rapid Transit, Austrian Police and Goldman Sachs.

It should be interesting to see what 2012 has in store for security attacks.