Android's popularity makes it open target for malware, says study

The popularity and openness of Google's mobile OS has led to a 90 percent jump in malware targeting Android devices this year, says security vendor Fortinet.

Lance Whitney Contributing Writer

Android's surge in popularity has triggered an accompanying surge in malware aimed at the mobile OS, says a new study today from Fortinet.

Analyzing the malware landscape this year, the security vendor tracked a 90 percent jump in Android malware families in 2011 compared with 2010. That figure doesn't account for infection rates or severity, only the rise in malware seeking to infect Android devices.

In comparison, malware directed toward Apple's iOS rose by only 25 percent over last year.

Fortinet pointed to two reasons for the larger bull's eye painted on Android's back.

Google's OS has shown a dramatic increase in market share over the past year, surpassing iOS, Nokia's Symbian, RIM's BlackBerry, and other mobile platforms. A recent Gartner report pegged Android's share of the global smartphone market at 52.5 percent, followed by Symbian with 16.9 percent and iOS with 15 percent. As the leading smartphone OS, Android has naturally become a bigger target for cybercriminals.

But Google's open development platform has also played a role in Android's appeal to malware writers.

"FortiGuard Labs has found approximately five times the amount of malicious families on the Android OS versus what we've found on iOS," Axelle Apvrille, senior mobile anti-virus researcher at Fortinet, said in a statement. "We believe that this disparity can be attributed to the way Apple handles iOS application development and distribution. Unlike Android, which makes it fairly easy to place applications for people to download, iOS requires developers to undergo some strict screening from Apple before the application can make it to the Apple Store."

The report noted that iOS isn't totally immune from malware. As an example, Fortinet cited the Eeki banking worm, a malicious app that specifically hunts for jailbroken iPhones. But still, Apple's more closed approach has made it less of a target for security threats.

Looking at the greatest number of malware samples received and analyzed by FortiGuard Labs, the report described the top five malware families directed toward Android devices.

  1. Geinimi. Android's first botnet can send out a user's location and control the person's phone to call a certain number, explained Fortinet.
  2. Hongtoutou. A Trojan in the form of live wallpaper, this malware can steal private information, such as a user's subscriber number (IMSI), and access malicious Web sites.
  3. DroidKungFu. This botnet is multifaceted in that it can remotely install other malware, launch specific apps, and add bookmarks.
  4. JiFake. This phony IM app can send messages to premium phone numbers.
  5. BaseBridge. This Trojan can also send SMS messages to premium numbers.

Certain malware, such as BaseBridge, was found on Android Market before Google removed it. Some malicious apps try to disguise themselves as legitimate, while others actually sneak into legitimate apps.

"DroidKungFu was an example of malware that was found repackaged in a legitimate VPN utility, whereas Geinimi was found within the legitimate application 'Sex Positions,'" Fortinet malware analyst Karine de Ponteves said in a statement.

Android has certainly gotten its fair share of lumps lately from several security vendors.

McAfee, Symantec, Juniper Networks, and others have all issued reports pointing to vulnerabilities in Google's OS due to its rising popularity and open environment. Many people have discounted such reports, saying that the antivirus vendors are just trying to drum up sales of their own products by scaring people.

So, is the Android criticism deserved? Well, obviously Google doesn't think so.

Chris DiBona, Google's open-source programs manager, recently referred to the antivirus vendors as "charlatans and scammers," claiming that mobile operating systems such as Android, iOS, and BlackBerry don't need antivirus software.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS," DiBona said on Google+. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself."

In response, some of the security vendors defended their findings and their products, pointing to such malicious apps as DroidDream that infected more than 100,000 Android users.

Kaspersky Labs acknowledged that security software is still not a necessity on mobile devices as it is on PCs but advised people to "consider using them if they're concerned about the information they store on their devices and the security transactions they perform with it."