Android devices have now beat out Window devices with the most infections. Interesting that Apples iOS devices don’t even show up. This confirms what I have been saying about the excellent security on iOS devices.
Trojan that steals usernames, passwords and credit card information and uploads the information to a remote command & control server
In mobile networks we found that 0.52% of devices were infected with high threat level malware. This is slightly up from the 0.50% we reported last quarter. The vast majority of infected devices are either Android phones or Windows laptops tethered to a phone on connected directly through a mobile USB stick or MIFI hub. The infection rate among Android devices is actually over 1.0%.
There has been a sharp increase in infections in the last quarter even tho Android has introduced new security features. Kindsight Security Labs reports that there are still major failures in the new security features.
The Android security model has been known to be weak for some time, but research has turned up additional weaknesses in the handling of application signatures . All Android application must be signed cryptographically. Normally this would allow you to verify the identity of the application’s author and verify that the application has not been tampered with. Unfortunately on Android there are serious problems with this:
As part of our demonstration at the Black Hat 2013 conference, we will show how to take a popular Android game, inject a SpyPhone service into it and then sign it for distribution . The victim has
no way of knowing that the app has been tampered with and can only assume that they have a legitimate copy of the game .
You can read the full PDF report at: