With the recent announcement of an easy way to gain root access on Android phones running 2.3.4, adding to the list of similar exploits for earlier versions and for 3.0 and beyond, it should come as no real surprise that the bad guys are taking advantage of the relative weakness of the Android OS compared with iOS devices.

According to the latest FortiGuard Labs report on the top five Android malware families, there are approximately five times as many malicious families on Android as on Apple's iOS. Of course, some of this will be down to market share: Android devices now account for 52.2% of the global smartphone OS market, whereas iOS, at 18%, is in third place behind Symbian.

But that does not account for the sheer scale of the Android malware explosion which, according to Axelle Apvrille, a senior mobile anti-virus researcher at Fortinet, can be attributed to "the way Apple handles iOS application development and distribution. Unlike Android, which makes it fairly easy to place applications for people to download, iOS requires developers to undergo some strict screening from Apple before the application can make it to the Apple Store. That's not to say that Apple is totally immune from being infiltrated by malware - the Eeki banking worm proves that - but it is a testament to why we're seeing so little activity on the iOS platform".

Comparing 2011 with 2010, the FortiGuard Labs researchers noted a 90% year-on-year increase in Android malware families; iOS malware families increased by only 25%. Neither figure takes account of actual infection rates or of how dangerous any particular family is, so both should perhaps be taken with a large pinch of salt.

Those Android rooting vulnerabilities, on the other hand, should be considered totally salt free. Only last month Jon Larimer and Jon Oberheide published an exploit for Android 2.3.6 that gives hackers and malicious software developers an easy way to gain root access on an Android device. The bad guys are obviously taking notice: once malware can gain root on your device, the permission prompts and application sandbox that normally constrain an app no longer apply, and silently downloading and installing further malicious software becomes child's play.

Anyway, the top five malware families for which FortiGuard Labs received the most samples in 2011 were:

1. Android's first botnet, Geinimi, which sends the victim's geographic location to its controllers and lets them control the phone remotely. For example, Geinimi can force the infected phone to call a given phone number.
2. A Trojan live wallpaper that steals private information such as the victim's subscriber number (IMSI) and automatically visits websites that the malware directs it to.
3. Another botnet with multiple capabilities, such as remotely installing other malware, remotely starting specific applications and adding bookmarks.
4. A fake instant messenger application that sends SMS messages to premium-rate phone numbers.
5. A Trojan that sends SMS messages to premium-rate numbers.
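The behaviours in that list (premium-rate SMS, IMSI and phone-state harvesting, location beaconing, remote installation, boot persistence) all map onto permissions an unprivileged Android app must declare in its manifest, which makes a quick permission triage a useful first pass over a suspect APK. The following is an added example written for this page, not code from the article or from FortiGuard: it parses a decoded AndroidManifest.xml (as produced by apktool, for instance) and flags the permission combinations each family type would need. The rule table and the sample manifests are constructed for illustration.

```python
"""Permission-based triage of a decoded AndroidManifest.xml.

Added example for this page (not from the article or FortiGuard). It assumes
the manifest has already been decoded from binary XML to text, e.g. by apktool.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree's Clark notation for android:name

# Hypothetical heuristic rules: indicator -> permission set the behaviour needs.
# These mirror the five family types described in the list above.
RULES = {
    "premium-sms": {"android.permission.SEND_SMS"},
    "identity-harvest": {"android.permission.READ_PHONE_STATE",
                         "android.permission.INTERNET"},
    "location-beacon": {"android.permission.ACCESS_FINE_LOCATION",
                        "android.permission.INTERNET"},
    "remote-install": {"android.permission.INSTALL_PACKAGES"},
    "boot-persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}
WALLPAPER_ACTION = "android.service.wallpaper.WallpaperService"


def permissions(manifest_xml):
    """Return the set of <uses-permission android:name="..."/> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def is_live_wallpaper(manifest_xml):
    """True if any intent-filter action binds a WallpaperService."""
    root = ET.fromstring(manifest_xml)
    return any(a.get(NAME_ATTR) == WALLPAPER_ACTION for a in root.iter("action"))


def triage(manifest_xml):
    """Match the declared permissions against RULES and compute a crude score."""
    perms = permissions(manifest_xml)
    hits = sorted(label for label, needed in RULES.items() if needed <= perms)
    wallpaper = is_live_wallpaper(manifest_xml)
    # A live wallpaper that also harvests identity data matches family type 2,
    # so it earns one extra point; everything else is one point per indicator.
    score = len(hits) + (1 if wallpaper and "identity-harvest" in hits else 0)
    return {"permissions": sorted(perms), "indicators": hits,
            "live_wallpaper": wallpaper, "score": score}


# Constructed sample: a "live wallpaper" that asks for far more than a wallpaper needs.
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".Wall" android:permission="android.permission.BIND_WALLPAPER">
      <intent-filter>
        <action android:name="android.service.wallpaper.WallpaperService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: an ordinary network-enabled app for comparison.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(xml))
```

Treat the score as a prioritisation hint, not a verdict: SEND_SMS plus READ_PHONE_STATE is exactly what a legitimate messaging app asks for, and the check only looks at what an app declares. It says nothing about what a family does after a successful rooting exploit of the kind described above, because code running as root is no longer bound by the permission model at all.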



As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


So basically you're saying that an exploit which, in the pictures, is shown being executed via adb shell access, which is a developer tool and only available using USB debugging mode, which should be off by default. In order to allow the features which the debug bridge gives, elevation must occur, and therefore some loopholes have come into effect.

This article simply seems like iOS fanboyism to me..

