The Android platform is currently the top selling mobile platform in the U.S., and in quarter four of 2010 smartphones began to outsell PC platforms worldwide. Android was even recently picked up as the choice platform for the U.S. Department of Defense. With the ubiquitousness of Android growing, naturally it and other smartphone platforms will become prime targets for malware authors. Be it for fun or for profit, stealing your information, sending you spam, and other malicious activity, has been a widespread problem in the computing world for years. It is only natural that as smartphones know even more about their users than traditional PC platforms, and have access to additional features such as text messaging and GPS data, that they will be become juicy targets for high tech criminals.
This past year has seen new developments in Android malware both in the wild and by researchers intent on raising awareness and improving the state of security. The Droid Dream attack against Android in early 2011 made headlines for being the first known malware infection inside of the official Android market. The malware was packaged with seemingly legitimate applications, but once installed, the apps turned Android phones into drones in a mobile botnet. This attack had been foreshadowed by security researchers when Jon Oberheide uploaded a proof of concept app to the Android market disguised as an inside look at the upcoming Twilight movie. Though malware analysists and network security experts have been combating botnets for years, smartphones open new avenues of both attack and control, that experts simply don’t have as much experience analyzing. For example security researchers have created proof of concept smartphone botnet scenarios that use text messaging (SMS) for command and control mechanisms.
