The Android platform is the world’s most widely-used smartphone operating system. Seventy percent of the world’s smartphones run on Android, so it’s no big surprise that hackers are targeting Android. In fact, in 2012 the antivirus company Kaspersky noted that 99% of all mobile malware they found targeted Android.
Aside from the large number and android users hackers are targeting Android because, as a platform, it is more open to developers – meaning hackers have more entry points to exploit.
Malicious attacks on Android can be divided into 3 categories: SMS Trojan viruses, advertising modules and root access exploits.
The biggest risk in using an Android device would be to use it to do online banking. North American and European banks have developed fairly sophisticated 2 factor authentication and tokens but hackers are one step ahead.
According to Kaspersky:
The Zitmo family of programs is designed to attack a user’s mobile phone and can bypass the two-factor authentication systems used by European banks. These mobile malicious programs work in tandem with Zbot (ZeuS):
• First Zbot steals the username and password – to enter the online banking system from the infected computer.
• Then, during a money transfer, Zitmo – Zbot’s mobile counterpart – takes over and forwards the transaction authorization code (TAN) to the cyber-criminals.
Given the open nature of Android and the reality that the world’s Android app stores are littered with malware programs, we recommend that no one should bank online while using an Android device.