The 2014 cumulative Android threat volume is likely to double in 2015, with the number of vulnerabilities in mobile devices, platforms and apps posing more serious security risks.
This is according to a report by Trend Micro, which predicts cyber criminals will dig deeper into the gold mine of data that can be stolen from mobile devices, using this data for attacks or even selling it underground.
According to market research firm IDC, Android continues to dominate the global smartphone market, with over 255 million units shipped and nearly 85% of the market share in the second quarter of 2014.
Vulnerabilities detected by Trend Micro not only resided on devices, but had wormed their way into platforms and apps, the security solutions provider reveals.
"Mobile attackers will rely on tools similar to the Blackhole Exploit Kit (BHEK) to leverage problems like Android OS fragmentation. BHEK and similar tools that have infected (and continue to infect) computers running different operating systems will serve cyber crooks well in attacking Android devices because most users either don't or can't update their systems and software regularly," says Gregory Anderson, country manager, Trend Micro SA.
Security solutions vendor, ESET, recently discovered a Remote Access Trojan masked as several legitimate Android applications.
A common piece of advice for Android users is to refrain from downloading applications from unknown sources, says ESET. Although malware does show up at the Google Play store from time to time, it is much better controlled than on other app stores, says Carey van Vlaanderen, CEO of ESET Southern Africa.
In another report, Check Point Software Technologies says Android continues to be perceived as posing the greatest security risks. The security solutions provider also points out Android risk increased from 49% in 2013 to 64% this year, making it the platform with the greatest perceived security risk compared to Apple, Windows Mobile and BlackBerry.
Check Point notes the Android OS architecture shows the potential capture of data and information being stored and communicated on Android devices through the Binder - the message-passing mechanism in its inter-process communication tool.
"Cyber criminals can point vulnerable device users to malicious Web sites, for instance," says Anderson. "Successful exploitation can then give them access to any, or all, of the information stored in affected devices. Tailor-made Android exploit kits are known for affecting multiple platforms; should such kits target mobile devices, there is no stopping the infection of any device they have access to."
According to the report, there has been a steady rise in the number of mobile banking malware and there will be a rise in attacks targeting mobile users, pushing them to install malicious banking apps. However, the report also states installing malicious apps and visiting malicious Web sites will no longer be the sole mobile infection vectors.
Share