Android devices are now attacked more often by malware than PCs, according to a report released today by Sophos, a cyber security software maker. It said that almost 10 percent of Android devices in the U.S. have experienced a malware attack over a three-month period in 2012, compared to about 6 percent of PCs.
With 52.2 percent of the smartphone market in the United States, Android has become a tempting target. "Targets this large are difficult for malware authors to resist," the report said. "And they arent resisting attacks against Android are increasing rapidly."
[ Understand how to both manage and benefit from the consumerization of IT with InfoWorld's "Consumerization Digital Spotlight" PDF special report. | Subscribe to InfoWorld's Consumerization of IT newsletter today. ]
Sophos noted that the most common malware attack on Android involves installing a fake app on a handset and secretly sending expensive messages to premium-rate SMS services.
Cyber criminals have also found ways to subvert two-factor authentication used by financial institutions to protect mobile transactions, according to the report. They do that by planting eavesdropping malware on a handset to obtain the authentication code sent to a phone by a bank to complete a transaction.
During 2012, the report said, hackers showed ambition by attacking more platforms, social networks, cloud services, and mobile devices and nimbleness by rapidly responding to security research findings and leveraging zero-day exploits more effectively.
In addition, hackers attacked thousands of badly configured websites and databases, using them to expose passwords and deliver malware to unsuspecting Internet users, the report noted. More than 80 percent of all "drive-by" attacks on unsuspecting Web surfers occur at legitimate websites, according to the report. It explained that attackers hack into legitimate websites and plant code that generates links to a server distributing malware. When visitors arrive at the legitimate site, their browser will automatically pull down the malicious software along with the legitimate code from the website.
The Sophos report also identified the five riskiest and safest countries in the world for experiencing malware attacks. Hong Kong was the riskiest country, with 23.54 percent of its PCs experiencing a malware attack over a three-month period in 2012. It was followed by Taiwan (21.26 percent), the United Arab Emirates (20.78 percent), Mexico (19.81 percent), and India (17.44 percent).
Norway (1.81 percent) was the safest country against malware attacks, followed by Sweden (2.59 percent), Japan (2.63 percent), the United Kingdom (3.51 percent), and Switzerland (3.81 percent).
"The PC remains the biggest target for malicious code today, yet criminals have created effective fake antivirus attacks for the Mac," the report said. "Malware creators are also targeting mobile devices as we experience a whole new set of operating systems with different security models and attack vectors," it added.