Report: Android malware up 614% as smartphone scams go industrial

iOS users look smug, but with reason this time


While the mobile industry is still deciding if there's a market for two, three, or four smartphone operating systems, mobile malware writers have picked their target and are flocking to Android, according to the latest annual security report data from Juniper Networks.

The company's Mobile Threat Center has analyzed nearly two million mobile applications over the last year and seen the number of dodgy Android apps rise from 38,689 in Q1 2011 to 276,259 a year later.

Part of this 614 per cent rise comes from the cratering state of Symbian, BlackBerry, and Windows Phone sales, but the shift to Android comes mainly from the operating system's prevalence and Apple's tight control of iOS apps.

"Apple does a really good job with checking apps," Michael Callahan, vice president of global security at Juniper told The Register. "Google does a good job with the Play store as well, but there are hundreds of third-party Android apps stores. They're enticing because you think 'I can get this app for free' and they don’t realize it's malware."

Apple users will typically only go to the official store for apps, he said, although there is an increased risk for iPhone users who have decided to jailbreak their handsets. But the further geographically you get from the US, the more Android users are going to look to local stores for their applications.

Unfortunately, some of these stores are hosting malware. China leads the pack with 173 storefronts allowing dodgy code; Russia is a close second at 132 hosts, and the US third with 76 dangerous sites. But there's a strong language bias towards English – if you're after apps in German or Dutch, the number of infected app stores drops to 16 and 13 respectively on world markets.

Easy money

The most typical form of malware seeks to send SMS messages to premium rate lines, yielding an average of $10 per infection, the report states. But that can add up to a pretty chunk of change, and because the laws governing premium-line repayments are so outdated it's easy money, Callahan said – the culprit is long gone with the cash before the carrier realizes it has been scammed.

There's also a focus on mobile banking as a lucrative target. Mobile malware like ZeuS-in-the-Mobile is proving ever-more popular and third-party mobile wallet systems aren't immune to cracking, with near-field communications opening up a new attack window, Juniper warns.

The report also spotted increasingly successful botnet software for smartphones. In December 2012, the Tascudap Trojan began spreading on handsets, setting up regular pings to command and control servers at a domain registered as gzqtmtsnidcdwxoborizslk.com. Once a device is infected, the C&C system can upload attack code as needed and investigate any enterprise network the handset is connected to.

"It's the very early stages of starting to do reconnaissance from a mobile device to understand the vulnerabilities of a network," Callahan said. "This is the same movie that played on the desktop. With an open-access Trojan they get to see what the privileges are, they escalate through, and ultimately can steal whatever they want to steal."

Annual trends in mobile malware

Deck the phones with sprigs of malware

The report's data also shows a surprising sophistication in the mobile malware market release schedule. Malware activity plateaus in the summer months, but then rises sharply over the Christmas period to coincide with the busiest season for smartphone purchases.

"During those months people are getting new devices and they're all excited – they're on the hunt for apps," Callahan explained. "We see that malware developers know they have a customer that's going to be looking, so they put a lot of product out there. Between November and February there's a lot of malware out there for people who are going to be looking for new applications."

Firm data on the malware writers themselves is difficult to come by, but Callahan said it was "not that big a jump" to assume that the traditional players in the PC malware industry were simply applying their methods to the mobile market. There are some new players in the mobile field, however, that hadn't been seen before.

The update problem

Android's pivotal problem is the fractured nature of its market, Callahan said. The Gingerbread 2.3 Android build is still the most used mobile OS and it lacks crucial protections.

Over three quarters of the current malware out there could be blocked if handsets were running the latest Android build, the survey found. Even if hardware restrictions make running the higher levels of the OS impossible, some sort of basic security patch should be possible for older operating systems, he suggested.

Android's fragmentation was a point Tim Cook was keen to make earlier this month at WWDC. Cook claimed iOS 6 was the world's most popular mobile OS, since 93 per cent of Apple users were updated, and he twisted the knife with some pointed stats on Apple developers' revenue per app as well.

El Reg hasn't heard from Google on the report's findings, but Callahan said the Chocolate Factory is better than some at fixing problems on the latest builds as they come up. Distributing those fixes to older systems looks to be an issue that Google will have to address. ®
