With the recent announcement of an easy way to gain root access for Android phones running 2.3.4, to add to the list of similar exploits for earlier versions and 3.0 and beyond, it should come as no real surprise that the bad guys are taking advantage of the relative weakness of the Android OS when compared to iOS devices.
According to the latest FortiGuard Labs report looking at the top five Android Malware Families, there are approximately five times the number of malicious families on the Android OS as compared Apple's iOS. Of course, some of this will be down to market share considerations as Android devices now accounts for 52.2% of global smartphone OS market share whereas iOS on 18% is in third place behind Symbian.
But it does not account for the sheer scale of the Android malware explosion which, according to Axelle Apvrille who is a senior mobile anti-virus researcher at Fortinet, can be attributed to "the way Apple handles iOS application development and distribution. Unlike Android, which makes it fairly easy to place applications for people to download, iOS requires developers to undergo some strict screening from Apple before the application can make it to the Apple Store. That's not to say that Apple is totally immune from being infiltrated by malware - the Eeki banking worm proves that - but it is a testament to why we're seeing so little activity on the iOS platform".
Comparing 2011 to 2010, the FortiGuard Labs researchers noticed a 90% increase in Android malware families year on year. iOS malware families only increased by 25%, although neither figure takes account of actual infection rates or the dangerousness of any particular malware family, so perhaps should be taken with a large pinch of salt.
Those Android rooting vulnerabilities, on the other hand, should be considered totally salt free. Only last month Jon Larimer and Jon Oberheide published a vulnerability for Android platform 2.3.6 that revealed an easy way for hackers and malicious software developers to gain and exploit root access to an Android device. The bad guys are, obviously, taking notice and once they have a method to gain root access to your mobile device the silent downloading of malicious software becomes child's play.
Anyway, the top five malware families for which FortiGuard Labs received the most samples in 2011 were:
Android's first botnet, which sends a victim's geographic location and controls his/her phone remotely. For example, Geinimi can force the infected phone call a given phone number.
A Trojan live wallpaper that steals private information such as the victim's subscriber number (IMSI) and automatically visits Websites that the malware directs it to.
Another botnet that has multiple capabilities such as remotely installing other malware, remotely starting specific applications and adding bookmarks.
A fake instant messenger application that sends SMS messages to premium phone numbers
A Trojan that sends SMS messages to premium numbers