Sophos warns of rising Android malware threats in 2012

Security firms Sophos has warned that Android users can expect an onslaught of attacks over the coming year as malware writers and cyber criminals switch focus to mobile devices.

In 2011 the amount of mobile malware began to rise. That trend will snowball as sales of smartphones and tablets now outstrip those of traditional PCs, Mark Harris, global director of SophosLabs told V3.

While such attacks will likely be targeted at all mobile operating systems, Android – which is becoming increasingly popular – is particularly vulnerable because of the way patches were distributed, said Harris.

"Google will issue patches for vulnerabilities to network providers, who then decide when to make it available to users," he said.

"Many of those users won't be accustomed to patching their system, which could mean an awful lot of users running versions that contain vulnerabilities."

The warning came as Sophos published its third annual Security Threat Report, which highlighted the growing risks businesses face from mobile users.

A survey carried out on behalf of Sophos showed that a third of smartphone users had not even implemented password protection for accessing the device.

Harris also warned that businesses would also face threats from new technologies such as HTML5 which offer crooks new ways to trick people in to passing on potentially sensitive data or installing malware.

The sophisticated presentation layers that can be created using HTML5 "blur the lines" between what is running on the device and what is on the internet, said Harris.

"That gives the bad guys an opportunity to trick the users into doing something unsafe," he added.

The Sophos report also highlighted the growing problem of infected web pages over the past year.

It identified that on average there were 30,000 newly-infected pages a day during 2011 – 80 per cent of which were on legitimate web servers that had been hacked.