Android Malware Proliferates

Security researchers say malicious Android applications are continuing to grow at an alarming rate

As Android market share continues to grow, malware developers are increasing targeting the platform, according to security researchers.

While the total volume of mobile malware and malware specifically targeting Android remain very small in comparison to malware targeting the Windows platform, recent reports found the numbers are growing, and are likely to continue to do so in 2012.

Mobile malware

Malware targeting Android devices jumped nearly 37 percent since last quarter, McAfee Labs reported in its third quarter Threats Report released on 21 November.

The findings concur with an earlier report by Juniper Networks’ Global Threat Centre, which reported in its Malicious Mobile Threats Report released on 15 November that there was a 472 percent increase in Android malware samples detected by 10 November, compared to what had been detected in July.

October and November have seen the “fastest growth in Android malware discovery”, according to the Juniper Global Threat Centre report. Malware samples identified in September increased 28 percent over known samples and there was another 110 percent increase in October over what was detected in the previous month.

The biggest surge was between October and November, contributing to the overall 400 percent growth, a Juniper spokesperson told eWEEK.

It’s not just the volume of malware that worries Juniper researchers, but the fact that the examples are becoming more sophisticated. Only some of the malware detected in spring had the capability to exploit vulnerabilities in the platform to gain root access on the device.

“Today, just about every piece of malware that is released contains this capability,” the researchers concluded on the Global Threat Centre blog.

Surge

Malware developers just need a developer account, pay $25 (£16) and post malicious applications on the Android Market, Juniper researchers wrote.

Since the first group of apps infected with the DroidDream malware family was removed from the Android Market, there has been a surge of other malicious apps, Juniper said.

Juniper also said a little over half, or 55 percent, of Android malware is disguised as spyware while 44 percent used a SMS Trojan to send text messages to prime-rate numbers to rack up expensive charges on the user’s mobile phone bill.

Security firm Mocana released the Device Confidence Index last week which found that 47 percent of people felt their mobile devices were not secure when it came to storing sensitive information.

The distrust extended to both iOS and Android, with only 26 percent and 19 percent saying they felt positive about their respective platform’s ability to protect personal data.

“The majority of those expressing an opinion didn’t trust Apple’s iOS to be secure, and Google’s Android platform and RIM’s Blackberry fared still worse,” Mocana wrote in the report.

Profiting from fear

These studies don’t appear to have convinced Chris DiBona, an open-source programme manager at Google.

In a 16 November post on Google+, diBona accused security companies of “playing” on fears to sell security software for mobile platforms.

He dismissed existing Android threats as “little things” that didn’t cause much damage thanks to the protections built into the platform.

“They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or IOS you should be ashamed of yourself,” DiBona wrote.