Malware authors target Android phones

Researchers report the number of malicious apps available on the Google Play store continues to grow. Your best defense is a security app, a cautious approach to downloads, and a close eye on your bank and credit card statements.

Most of us do whatever we can to avoid coming into contact with malware. Ispends his workdays attracting the stuff.

As Blue Coat Systems Director of Threat Research, Brandt uses a "honey pot" Internet server intended to catch malware purveyors in the act. While Brandt was demonstrating the honey pot to me, I told him it was as if he were living on the edge of a volcano.

"It's more like watching a bank of video security cameras focused on a high-crime area," he said. Brandt's surveillance server is completely sandboxed, which allows his team of security analysts to keep tabs on the doings of the Internet's bad guys without any risk to real data or systems.

Brandt described a recent encounter he had with a malicious app that found its way onto his Android phone. "I had downloaded an unrelated app a few hours earlier. [Out of nowhere], I get a text message on the phone thanking me for subscribing [to a $4-a-month service]." The malware had managed to sign Brandt up for the subscription from his phone without requiring any permissions.

"If it hadn't been for that message, I would have had no notice of the unauthorized charge until I saw it on my credit card bill," Brandt explained. This highlights two of the things phone users need to do to protect themselves: keep a close watch on their bank and credit card statements, and respond right away to challenge illegitimate charges.

Without a security app, your phone is exposed

The convergence of phone malware and workers connecting their phones to organizations' internal networks is causing IT managers to lose sleep, according to Brandt. "BYOD [Bring Your Own Device] makes it nearly impossible for IT to prevent their networks from being exposed," he explains.

According to security firm RiskIQ's recent study, the number of malicious apps on the Google Play store increased by 388 percent from 2011 to 2013. Meanwhile the percentage of malware apps removed by Google each year went from 60 percent in 2011, to just 23 percent in 2013. The percentage of malware apps on the Google Play store jumped from 3 percent in 2011 to 9 percent in 2012, and to almost 13 percent in 2013, according to RiskIQ's research.