Google’s Android operating system (OS) has been found to be the most popular in a particularly undesirable arena for a change, as the most popular OS for mobile malicious programs or malware.

According to Kaspersky Lab, the Android platform has overtaken other platforms as being a prime target for cybercriminals who are increasingly targeting mobile devices.

The company elaborated that in September, the number of newly discovered malware for Android-based devices increased by more than 30%. Even more disturbing is another trend in mobile malware, with an increasing number of malicious mobile apps targeting users’ personal data.

Kaspersky Lab elaborated that in October, the number of malicious Android apps trying to steal personal data rose to 34%. Additionally, these malicious mobile programs can become available on the Android Market. This is exacerbated by the fact that apparently, they can also be hidden within seemingly benign and legitimate programs.

Hidden, but dangerous

Kaspersky elaborated that one example of a malicious app distributed through the official store is Trojan Spy.AndroidOS.Antammi.b. This program, masquerading as a simple app for downloading ringtones, appeared on the Android Market only to be removed after notification from Kaspersky Lab.

 

The “cover” program is designed for users in Russia, who use it to send text messages to a paid service to receive back desired tunes. This activity is perfectly legitimate - however, the malicious payload activity was simultaneously going on in the background.

 

The company explained that, like traditional desktop malware, Antammi.b steals almost everything from contacts, texts, GPS coordinates and even photos. The activity log is then sent to the criminal behind the scam via an e-mail message, and the data is uploaded to a server.

 

The unrequited love-story being played out by the cybercriminal world and the Android platform is not surprising - due to the platform’s leading market share, flexibility and openness. This is a double edged sword though, as there can also exist a lack of control over software distribution.

 

Equally disturbing evidence of this was the tasteless dogfighting app, which was eventually removed from the Android Market after complaints by animal rights groups and the public at large.

 

 

The result of both these factors is a share of Android-based malicious programs among all mobile malware currently being higher than 46%, and growing rapidly.

More worrying is the fact that, apart from stealing personal data, sending texts, and making calls to premium numbers, mobile malware is also targeting banking services, which often send one-time passwords and confirmation codes to mobile phones. Detailed analysis of such a malicious program –called Zeus-in-the-Mobile – can be found here.

 

What this all amounts to is the need for Android users to be more vigilant about their downloads, and ensure that, like their PC, their mobile device is also protected.

 

In recent news, Kaspersky commented on the infection of military aircraft by a virus, while Google unveiled its latest iteration of Android, named Ice Cream Sandwich.