Study Finds Huge Rise In Android Malware

Google’s Android platform has become a target for malware writers, with a 400 percent rise in malicious code

Google’s Android mobile operating system has become the top focus for malware programmers, according to a new study from Juniper Networks, which found a 400 percent increase in Android malware since the summer of 2010.

The “Malicious Mobile Threats Report 2010/2011” was compiled by the Juniper Networks Global Threat Center (GTC) research facility. It found that mobile devices have become the latest focus for malware writers, with Android the fastest-growing target.

Lack of security software

Juniper’s study found that, despite application downloads representing the main source of infections, the vast majority of smartphone users are not using antivirus software to scan downloads for malware.

The increase in security threats is a result of user disinterest in security, large numbers of downloads from unknown or unvetted sources and the absence of mobile device security software, according to Juniper.

“App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation,” said Dan Hoffman, Juniper’s chief mobile security evangelist, in a statement. “There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.”

The study found that 17 percent of all reported infections were due to SMS Trojans sending SMS messages to premium rate numbers.

Infonetics research confirmed that mobile devices are growing as a focus for hackers as the smartphone market matures.

“Hackers are now setting their sights on mobile devices,” said Infonetics Research analyst Jeff Wilson, in a statement. “Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices.”

Wilson said a recent survey of large businesses found that nearly 40 percent considered smartphones the device type now posing the largest security threat.

More advanced attacks

Juniper said consumers should expect to see more advanced attacks against Android, including attacks designed to make Android devices part of zombie botnets.

The company said the first bank phishing application appeared in the Android Market in January 2010.

Juniper also cited specific Android incidents, including one in which Vodafone unknowingly shipped devices with SD cards preloaded with the Mariposa botnet, which infected Windows systems when the handsets were connected to a PC.

The iPhone platform is currently at risk from applications that can obtain user data and transmit it outside of the device, the Juniper report said.

The study cited research from the Technical University of Vienna and the University of California, Santa Barbara, which found that nearly half of the 1,400 iPhone and iPad applications analysed leaded various forms of sensitive data to third parties.

“In most cases, application developers used pre-packaged code purchased from advertising agencies, originally intended to collect device information that could be used to build advertising profiles of the device user,” Juniper said in the study.

Data from Juniper’s Junos Pulse Mobile Security Suite found that spyware capable of monitoring any and all forms of communication to and from a mobile device accounded for 61 percent of all reported infections.

On the Android platform, such malware accounted for 100 percent of reported infections.

Lost devices

The company found that one-third of Junos Pulse users lost their device at some point and used the software’s “locate device” capability. Seventy-seven percent of those users then sent a command to lock the device, to keep a third party from using it.

In March Google removed more than 50 malicious apps from its Android Market and issued a security patch, after eventually admitting multiple malware attacks that compromised a number of Android-powered handsets.

The Android team also suspended the associated developer accounts and “remotely” deleted the infected apps from affected devices.