Android a big target of Facebook-based attacks

Android a big target of Facebook-based attacks

Given the growing popularity of Android phones in the enterprise, this is something IT security shops must be more aware of, says Sophos.

Sophos Senior Technology Consultant Graham Cluley agrees with a BitDefender study showing Facebook as a growing attack vector for smartphone malware. Sophos has seen a similar pattern, and Android phones are often the easiest targets, said Cluley in an interview with CSO. "The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it's more open to infections," Cluley said.

Given the growing popularity of Android phones in the enterprise, Cluley said this is something IT security shops must be more aware of.

The malware being sent to the phones via Facebook messages are the garden-variety spam messages that rely heavily on social engineering tactics. A Sophos threat report due out next week will dive more into the social networking threat, but the company's just-released "Dirty Dozen" spam list also mentions it.

"Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers," Cluley said.

Earlier, BitDefender came out with a report warning that Facebook has become the biggest mobile malware threat. Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs, the report said.

BitDefender pointed to Google statistics revealing almost a quarter of Facebook users falling for a recent scam on the social network from their mobile device. The URL that was studied was one that claimed to show users a girl's Facebook status which got her expelled from school. It generated 28,672 clicks - 24 percent of which originated from mobile platforms. Users who clicked on the link - whether on their PC or mobile device - downloaded a Facebook worm and fall victim to an adword-based money grabbing scheme.

"When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source -- the social network," said George Petre, BitDefender Threat Intelligence Team Leader.

To comment on this article, please email the editor.

Follow CIO on

Twitter @cio_nz



Sign up to receive CIO newsletters.

Click here to subscribe to CIO.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments