Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on December 4, 2012

Sophos declares 2012 the year of Android and Mac malware, as cybercriminals look beyond Windows


Sophos declares 2012 the year of Android and Mac malware, as cybercriminals look beyond Windows

Sophos on Tuesday released its Security Threat Report 2013 which, much like how newly released cars are named, was actually put together this year. The 40-page document is extensive, but only one takeaway is really worth noting: 2012 is the year of new platforms and modern malware, meaning the once homogeneous world of Windows systems has become a landscape made up of diverse platforms, and cybercriminals have adjusted accordingly, in particular by increasingly targeting Android and OS X.

Sophos called Android “today’s biggest target” and went over a few examples. The security firm noted that currently the most common business model for Android malware attacks is to install fake apps that secretly send expensive messages to premium rate SMS services.

This is in line with what McAfee recently found: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background, makes up more than 60 percent of Android samples the company processes. As such, avoiding fake apps should be your number one priority when trying to avoid malware on Android.

That being said, the threat is definitely a growing one as Sophos notes in this graphic comparing Android to PCs:

As for the Mac, Sophos stated “More users, emerging risks.” Although it hardly has the market share of Android, since OS X is slowly growing its user base, threats for it are also slowly growing.

Sophos, of course, reminds us of Flashback, the Mac malware that infected hundreds of thousands of Apple computers back in April. Flashback was of course an extreme case, but it wasn’t an anomaly.

Mac malware is evolving at a rapid clip. It is becoming much more sophisticated, and as a result, much more dangerous, Sophos notes. This analysis follows what we’ve seen, although it’s worth noting Mac malware nowadays tends to be either targeted or as part of a cross-platform threat

In any case, Sophos points out that Mac malware is also definitely growing:

It’s worth noting that the Mac section was longer than the Android section. Compromising a computer is currently still more damaging than compromising a smartphone, although this will undoubtedly change in due time.

Two big statistics stood out in the report. The first is that more than 80 percent of attacks in 2012 were redirects, the majority of which were from legitimate websites that were hacked. This is not really surprising in itself, as it makes sense for cybercriminals to throw as many veils as possible over their victims’ eyes, but it is still important to remember: if something seems amiss, it probably is.

The second statistic is related: the Blackhole Exploit Kit represented 27 percent of exploit sites and redirects in 2012. As we’ve mentioned on TNW a few times, Blackhole is the most popular Web threat tool for distributing various types of malware with the help of a multitude of exploits, but it’s still impressive to see that more than one in four of attacks use it.

Sophos also gave a glimpse at what it expects to happen in 2013; unsurprisingly, the company expects increased availability of malware testing platforms will make it more likely for malware to slip through traditional business security systems, and as a result, an increase in the number of successful attacks gaining access to corporate networks. The company also listed five trends, but only one of them stood out to us: with GPS and NFC becoming more integrated into mobile platforms, it’s worth watching out for new examples of attacks built on these technologies.

Actually, we’ve already seen evidence of this, so more such malware would not surprise us in the slightest.

See also: FinFisher malware goes mobile: Infects Android, iPhone, BlackBerry and Security researchers hack Android via NFC to gain full control, steal data from a Samsung Galaxy S3

Oh, and just for fun: Sophos antimalware software detects itself as malware, deletes critical binaries

Image credit: George Crux

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with