December 04, 2012, 9:00 PM — Android devices are now attacked more often by malware than PCs, according to a report released Tuesday by a cyber security software maker.
The 2013 Security Threat Report from Sophos revealed that almost 10% of Android devices in the U.S. have experienced a malware attack over a three-month period in 2012, compared to about 6% of PCs.
The situation is worse in Australia, where more than 10% of Android devices have been attacked by malware, compared with about 8% for PCs.
With 52.2% of the smartphone market in the United States, Android has become a tempting target, Sophos reported. "Targets this large are difficult for malware authors to resist," the report said. "And they arent resisting attacks against Android are increasing rapidly."
Sophos noted that the most common malware attack on Android involves installing a fake app on a handset and secretly sending expensive messages to premium-rate SMS services.
Cyber criminals have also found ways to subvert two-factor authentication used by financial institutions to protect mobile transactions, according to the report. They do that by planting eavesdropping malware on a handset to obtain the authentication code sent to a phone by a bank to complete a transaction.
During 2012, the report said, hackers showed ambition by attacking more platforms social networks, cloud services and mobile devices and nimbleness by rapidly responding to security research findings and leveraging zero-day exploits more effectively.
In addition, hackers attacked thousands of badly configured websites and databases, using them to expose passwords and deliver malware to unsuspecting Internet users, the report noted.
More than 80% of all "drive-by" attacks on unsuspecting Web surfers occur at legitimate websites, according to the report.
It explained that attackers hack into legitimate websites and plant code that generates links to a server distributing malware. When a visitor arrives at the legitimate site, their browser will automatically pull down the malicious software along with the legitimate code from the website.
The Sophos report also identified the five riskiest and safest countries in the world for experiencing malware attacks. Hong Kong was the riskiest country, with 23.54% of its PCs experiencing a malware attack over a three-month period in 2012. It was followed by Taiwan (21.26%), the United Arab Emirates (20.78%), Mexico (19.81%) and India (17.44%).
