Study Finds Huge Rise In Android Malware

Google’s Android mobile operating system has become the top focus for malware programmers, according to a new study from Juniper Networks, which found a 400 percent increase in Android malware since the summer of 2010.

The “Malicious Mobile Threats Report 2010/2011” was compiled by the Juniper Networks Global Threat Center (GTC) research facility. It found that mobile devices have become the latest focus for malware writers, with Android the fastest-growing target.

Lack of security software

Juniper’s study found that, despite application downloads representing the main source of infections, the vast majority of smartphone users are not using antivirus software to scan downloads for malware.

The increase in security threats is a result of user disinterest in security, large numbers of downloads from unknown or unvetted sources and the absence of mobile device security software, according to Juniper.

“App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation,” said Dan Hoffman, Juniper’s chief mobile security evangelist, in a statement. “There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.”

The study found that 17 percent of all reported infections were due to SMS Trojans sending SMS messages to premium rate numbers.

Infonetics research confirmed that mobile devices are growing as a focus for hackers as the smartphone market matures.

“Hackers are now setting their sights on mobile devices,” said Infonetics Research analyst Jeff Wilson, in a statement. “Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices.”

Wilson said a recent survey of large businesses found that nearly 40 percent considered smartphones the device type now posing the largest security threat.

More advanced attacks

Juniper said consumers should expect to see more advanced attacks against Android, including attacks designed to make Android devices part of zombie botnets.

The company said the first bank phishing application appeared in the Android Market in January 2010.

Juniper also cited specific Android incidents, including one in which Vodafone unknowingly shipped devices with SD cards preloaded with the Mariposa botnet, which infected Windows systems when the handsets were connected to a PC.

The iPhone platform is currently at risk from applications that can obtain user data and transmit it outside of the device, the Juniper report said.

The study cited research from the Technical University of Vienna and the University of California, Santa Barbara, which found that nearly half of the 1,400 iPhone and iPad applications analysed leaded various forms of sensitive data to third parties.

“In most cases, application developers used pre-packaged code purchased from advertising agencies, originally intended to collect device information that could be used to build advertising profiles of the device user,” Juniper said in the study.

Data from Juniper’s Junos Pulse Mobile Security Suite found that spyware capable of monitoring any and all forms of communication to and from a mobile device accounded for 61 percent of all reported infections.

On the Android platform, such malware accounted for 100 percent of reported infections.

Lost devices

The company found that one-third of Junos Pulse users lost their device at some point and used the software’s “locate device” capability. Seventy-seven percent of those users then sent a command to lock the device, to keep a third party from using it.

In March Google removed more than 50 malicious apps from its Android Market and issued a security patch, after eventually admitting multiple malware attacks that compromised a number of Android-powered handsets.

The Android team also suspended the associated developer accounts and “remotely” deleted the infected apps from affected devices.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

View Comments

  • Internet Security specialist BullGuard recommends that Android users consider two basic security measures to stay safe:

    First and foremost, you should think twice before you download applications by finding out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not.
    Secondly, you should install security software on your phone. One of the few security programs on the market for smartphones is BullGuard Mobile Security 10 (www.bullguard.com/why/bullguard-mobile-security-10.aspx) containing an array of security solutions including: Antivirus, Antispyware, Antitheft, Parental Control, Basic Backup and Support. The program can be downloaded from Android Market (https://market.android.com/search?q=bullguard&so=1&c=apps) for $29.95.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago