U.S. DHS, FBI warn of malware threats to Android mobile devices

In an unclassified roll call release for police, fire, ems, and security personnel, dated July 23, 2013, the U.S. Department of Homeland Security and Department of Justice reports on “Threats to Mobile Devices Using the Android Operating System.”

Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and bpen source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7 – known as Gingerbread – which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date.

(U//FOUO) Threats to Mobile Devices Using the Android Operating System

The report also outlines some known security threats to mobile OS and mitigation steps, including:

SMS (Text Message) Trojans represent nearly half of the malicious applications circulating today on older Android OS. Sends text messages to premium-rate numbers owned by criminal hackers without the user’s knowledge, potentially resulting in exorbitant charges for tile user.

Rootkits are malware that hide their existence from normal forms of detection. In late 2011, a software developer’s rootkit was discovered running on millions of mobile devices. Logs the user’s locations, keystrokes, and passwords without the user’s knowledge.

• Fake Google Play Domains are sites created by cybercriminals. Google Play enables users to browse and download music, books, magazines, movies, television programs, and other applications. Tricks users into installing malicious applications that enable malicious actors to steal sensitive information, including financial data and log-in credentials.

Read more in the full report here.

MacDailyNews Take: “Open.” For malware.

[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]

Related articles:
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010


    1. Maybe they altered it, but currently it says “Apple’s iOS accounts for only 0.7% of mobile malware” and link redirects to P.E.D.’s opinion page, and since he covers “The business that Steve Jobs built” it sort of makes sense to headline it that way. But I was right there with you on the reaction that headlines would point more towards Apple than Android — this time, at least, that seems to not be the case.

      1. More importantly, what is this 0.7%? I read MDN and several other Apple-related websites and don’t remember ANY malware ever being described for a non-jailbroken iOS device.

  1. “The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date,” which is usually not possible when using an Android device.

    1. Wouldn’t you think their conclusion would be better stated this way: “The growing use of mobile solutions by federal, state and local authorities makes it more important than ever to avoid the mobile OS that has the majority of malware.”

  2. This so amusing. There are all sorts of laws, standards and evaluation bodies protecting people (preparation of canned goods to prevent botulism, grounding of electrical wires to prevent electrical shock) but nada, zip nothing for software. Anyone and their dog can write up some code and sell it, there is no software certification body that the public can rely on (although Apple gets the thumb’s up).

    The DHS, FBI is reduced to warning people of threats and cannot recommend to the public to use “certified safe software” because no such thing exists.

    Amusing to say the ever least, the difference between sex and software, you can have safe sex.

        1. I think Windows 98 was the most recent one running DOS. Windows XP and everyone since then runs the Windows NT core. The command prompt found today in Windows is basically a DOS emulator.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.