Its availability on multiple platforms and ease of customization has made the open source Android operating system a go-to for a majority of mobile users. But that also includes attackers.
As such, the FBI and U.S. Department of Homeland Security (DHS) have been compelled to release an official bulletin (PDF) to first responders that examines threats facing Android users, namely SMS trojans, rootkits and fake Google Play domains.
The document, addressed to police, fire, EMS and security personnel, is dated July 23 and recently was posted the Public Intelligence information website.
According to authorities, nearly 44 percent of Android users are still operating versions 2.3.3 through 2.3.7 – known as "Gingerbread" and released in 2011 – so users should update to the current version of Android to defend against previously addressed vulnerabilities.
SMS trojans account for nearly half of the malicious applications on older versions of Android. They operate, unbeknownst to users, by sending text messages to premium-rate numbers owned by crooks, resulting in huge charges for the mobile owner. This costly malware can be defended against by installing an Android security suite, which can be downloaded for free, according to the bulletin.
Rootkits, meanwhile, log users' locations, keystrokes and passwords and are hidden from normal forms of detection, which make them a difficult threat to handle.
And Android owners who enjoy downloading games, movies and more from Google Play should take care to avoid fake, unofficial domains hawking applications, the document said. Cyber criminals will often deceive users by presenting authentic-looking apps on these sites that, when downloaded, infect the mobile device with malicious software.
According to the release, Android malware accounted for 79 percent of threats to mobile operating systems in 2012, while Symbian was responsible for 19 percent. iOS Windows Mobile, BlackBerry and “others” each accounted for less than one percent.