Android Malware Increased By 3,000 Percent in 2011

Malware that specifically targeted mobile operating systems increased in 2011 as smartphones became more popular with enterprise users, as well as consumers.

Cyber-criminals behind the attacks were particularly attracted to Google Android which saw the biggest jump in malware during the past 12 months, according to a report from Juniper Networks.

Massive attacks

Malware targeting the mobile operating system grew massively, by 3,325 percent, in the last seven months of 2011, according to Juniper’s 2011 Mobile Threat Report. Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.

Overall, mobile malware more than doubled in 2011, growing by 155 percent across all platforms, which included Apple’s iOS, Research In Motion’s BlackBerry and Symbian. New malware samples targeting Java Mobile Edition increased by a little less than 50 percent in 2011. Java ME is popularly used on Symbian and Windows Mobile devices.

Juniper saw a “significant increase in the amount of mobile malware, its sophistication, as well as new nimble social-engineering-based attacks”, said Daniel Hoffman, chief mobile security evangelist at Juniper Networks.

The Mobile Threat Centre at Juniper Networks examined more than 793,631 applications and 28,472 unique malware samples to compile the report. Despite the eye-popping growth figures, the total number for mobile malware remains minuscule, compared with malware targeting traditional computers.

The explosion in Android malware is a direct result of the platform’s diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper. Google’s market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper.

“Hackers are incented to target Android, because there are simply more Android devices as compared to the competition,” said Hoffman.

Google’s Bouncer service has been scanning apps in the Android Malware and removing offenders toward the second half of the year to make it harder for scammers to upload malicious apps. Bouncer will “certainly help” reduce infection rates from downloads on the official market of known threats, said Hoffman.

Malicious iPhone jailbreaking

Apple is slightly more secure due to its screening policies and closed marketplace, but iOS users have their own set of mobile security challenges, according to the report. Jailbreaking remains common and users with iOS devices are vulnerable to malicious jailbreaking services that infect the device during the rooting process.

Mobile devices are just as vulnerable to browser-based attacks triggered when a user navigates to a malicious Website as computers. There are fewer choices available for iOS users when it comes to security products to protect them from these kinds of threats.

“This lack of software protection and a competitive security market leave users with little protection if malware were ever to make it through Apple’s application-vetting process,” the report found.

In fact, there are several examples of developers slipping apps past Apple’s screeners last year. The most prominent example was when Apple researcher Charlie Miller got a seemingly innocuous app approved for the App Store, and then was able to use the app to remotely execute code on devices.

Malicious apps and scams targeting mobile users have become more sophisticated and many rely on social engineering tactics to trick users into downloading and installing, Juniper found.

“Industrious hackers” moved from proof-of-concept samples to developing profitable malware, according to the report.

Mobile malware can be classified into two different groups, Short Message Service (SMS) Trojans and spyware. Spyware was the most common form, accounting for about 63 percent of malware. Spyware on mobile devices generally goes after GPS data, text messages, contacts and browser activity and transmits it to a third-party.

Trojan threats

SMS Trojans, accounting for 46 percent of malware, trick users into agreeing to send premium SMS messages to attackers. As they generally run in the background, users are usually unaware these messages are being sent until they see the charges on their bills.

Scammers often piggyback SMS Trojans onto “fake installers”, which are apps that trick users into paying for them even though they may be legitimately available for free.

These fake installers create a “low barrier to entry” for cyber-criminals interested in mobile scams but lacking the technical skills, according to the report. Application stores are the prime delivery mechanism for infected apps, and it is far easier to turn around these types of apps rather than those targeting actual vulnerabilities.