Rapid7 did not know how many phones might have been compromised with LoozFon, said Giri Sreenivas, vice president and general manager of the company. The Trojan is likely being used extensively in counterfeit mobile apps found in unsavory online marketplaces outside the U.S. The vast majority of phone infections occur by downloading bogus apps from Android markets, particularly from China and Russia, said McAfee.
The malware risk on Android phones is a growing concern. A study released this year by Symantec found that 67% of large companies were worried about malware spreading from mobile devices to Internal networks.
McAfee reported finding in the first three months of the year 7,000 malware targeting the Android platform versus 1,000 for other mobile operating systems. By comparison, the total number of malware discovered in the middle of 2011 was in the hundreds, McAfee said. Part of the increase was due to improvements in detection.
Despite the growing threat, wireless carriers and Android device makers continue to do a poor job at patching the software, recent studies show.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.