Android malware shot up 76 percent in the second quarter, overtaking Nokia's Symbian to become the most attacked mobile operating system in the world.
In Tuesday report, McAfee discovered 44 attacks on Android last quarter, compared to 14 on Java 2 Micro Edition (J2ME), and four each for Symbian and BlackBerry. Apple's iOS reported none, despite its popularity.
PCMag security analyst Neil Rubenking said Apple's iOS was a "tightly controlled operating system with huge amounts of protection against malicious meddling." Jailbreaking your iPhone, however, makes it as vulnerable as an Android device. On the other hand, Rubenking said Android was "crazy vulnerable."
"While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals, affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates," McAfee wrote in a statement.
Android malware is becoming as sophisticated as PC-based threats, taking advantage of exploits, employing botnets, and using rootkits "for stealth and permanence," McAfee said.
Android malware was often discovered in tainted apps that appear legitimate and are generally distributed in third-party app stores. While some aim to steal credit card information, McAfee found an increasing number of poisoned apps that send text messages to premium services or sign users up for premium subscription services.
For instance, the app "iCalendar" contains a Trojan known as Android/Jmsonez.A, which automatically sends text messages to a premium rate number without the owner's knowledge. Another, Android/Tcent.A, also contains an SMS-sending Trojan but attempts to uninstall anti-virus protection.
Overall, McAfee found 12 million unique samples of malware in the first half of 2011, up 22 percent from the year before.
Google was unable to comment at press time, but it adopts a very different approach from Apple when it comes to running an app market. During a May hearing on location tracking, Google said it does not monitor apps once they are added to the Android Marketplace, in the interest of openness. Instead, it lets most apps enter the Android Market and quickly removes them once malware is verified.
"We've chosen not to be the gatekeeper," Alan Davidson, director of public policy at Google, said at the time. "We don't generally go back and try to make sure that every app does what it says it's going to do. [Google is] really trying to maximize the ability of small app developers to get online."
Earlier this month Lookout Security, a mobile security firm, said Android users were 2.5 more likely to discover malware than they were just six months ago.
For more, see "How to Create Your Own Android Trojan in 5 Easy Steps" as well as the Six Security Apps That Can Help Recover a Stolen Laptop slideshow below.