Google Android may be on its way to becoming the Honda Accord of phones: incredibly popular, but also the most targeted by thieves.
According to anti-virus software developer McAfee, in their quarterly Threat Report, phones that run on Google’s Android operating system became the most popular targets for those creating malware for smartphones. Typically, this malware comes disguised as a popular game or app, meaning that victims usually install the viruses themselves.
The report lists a few examples of prolific Android viruses, some of which are more malicious than others. On the tamer end of the spectrum, Android/Smsmecap. A sends irreverent comedic text messages to all the contacts in the victim’s address book. “Since May 21,” reports McAfee, “the date of the purported ‘Rapture,’ it has sent messages in a mocking tone.”
That would be embarrassing, to be sure, but necessarily costly.
A more malicious app, called Android/Jmsonez.A, disguises itself as a calendar app and sends text messages to premium-rate numbers once the victim attempts to use the program properly — otherwise it just displays a January 2011 calendar.
Another, Android/Toplank.A, comes disguised as an update to Angry Birds, and gives the attacker a backdoor into the phone, where they can “add and delete bookmarks, browser history and shortcuts,” which doesn’t sound all that dangerous on its own, but McAfee adds that the backdoor also allows the attacker to “download further software” to the phone.
The New York Times reports that this malware mostly comes from China, and could be used to “steal the identity of Android users.” One flaw in Google’s system for distributing apps, according to the New York Times, is that they do “not use a vetting process to monitor the distribution of new mobile apps.”
Just last week, we reported that both Chase and Bank of America®’s phone-based banking systems are vulnerable to phone-spoofing hacks. If this rise in malware is as bad as McAfee suggests, it likely poses a more serious threat than phone spoofing, especially to Android users who have banking applications on their phones.
Even more worrisome is the upcoming launch of the Google Wallet, which will allow Android users to store their credit card information on their phones and use the devices to make payments. A hacker with a backdoor directly to a cloud credit card would be a happy hacker, indeed.
Google declined to comment on the story to the New York Times, but one commenter suggested that Android’s security flaws were not as bad as McAfee reported, and that McAfee, like the hackers, is just going after the OS with the largest market share.